d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix bogus check. It was possible to panic the kernel by giving 0 length.

Browse Source 
This is actually a local DoS, as every user can use /dev/crypto if there
is crypto hardware in the system and cryptodev.ko is loaded (or compiled
into the kernel).

Reported by:	Mike Tancsa <mike@sentex.net>
MFC after:	1 day
This commit is contained in:
Pawel Jakub Dawidek 2005-08-18 11:58:03 +00:00
parent 7df76a1312
commit e6d944d7c3
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
sys/opencrypto/cryptodev.c
View File

@ -336,8 +336,10 @@ cryptodev_op(
if (cop->len > 256*1024-4)
return (E2BIG);
if (cse->txform && (cop->len % cse->txform->blocksize) != 0)
return (EINVAL);
if (cse->txform) {
if (cop->len == 0 || (cop->len % cse->txform->blocksize) != 0)
return (EINVAL);
}
cse->uio.uio_iov = &cse->iovec;
cse->uio.uio_iovcnt = 1;