Fix writing of the final block of encrypted, compressed kernel dumps.

Previously any residual data in the final block of a compressed kernel dump would be written unencrypted. Note, such a configuration already does not work properly when using AES-CBC since the compressed data is typically not a multiple of the AES block length in size and EKCD does not implement any padding scheme. However, EKCD more recently gained support for using the ChaCha20 cipher, which being a stream cipher does not have this problem. Submitted by: sigsys@gmail.com Reviewed by: cem MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D26188
2020-08-27 17:36:06 +00:00 · 2020-08-27 17:36:06 +00:00 · 6255e8c8e2
commit 6255e8c8e2
parent d0fba0c58a
1 changed files with 5 additions and 3 deletions
--- a/sys/kern/kern_shutdown.c
+++ b/sys/kern/kern_shutdown.c
@ -1464,6 +1464,7 @@ kerneldumpcomp_write_cb(void *base, size_t length, off_t offset, void *arg)
 		}
 		resid = length - rlength;
 		memmove(di->blockbuf, (uint8_t *)base + rlength, resid);
+		bzero((uint8_t *)di->blockbuf + resid, di->blocksize - resid);
 		di->kdcomp->kdc_resid = resid;
 		return (EAGAIN);
 	}
@ -1680,9 +1681,10 @@ dump_finish(struct dumperinfo *di, struct kerneldumpheader *kdh)
 		error = compressor_flush(di->kdcomp->kdc_stream);
 		if (error == EAGAIN) {
 			/* We have residual data in di->blockbuf. */
-			error = dump_write(di, di->blockbuf, 0, di->dumpoff,
-			    di->blocksize);
-			di->dumpoff += di->kdcomp->kdc_resid;
+			error = _dump_append(di, di->blockbuf, 0, di->blocksize);
+			if (error == 0)
+				/* Compensate for _dump_append()'s adjustment. */
+				di->dumpoff -= di->blocksize - di->kdcomp->kdc_resid;
 			di->kdcomp->kdc_resid = 0;
 		}
 		if (error != 0)