The branch main has been updated by markj:
URL:
https://cgit.FreeBSD.org/src/commit/?id=7c2f227a17ded0934c5941c7911797edb7d770a2
commit 7c2f227a17ded0934c5941c7911797edb7d770a2
Author: Mark Johnston <ma...@freebsd.org>
AuthorDate: 2021-09-24 19:04:45 +0000
Commit: Mark Johnston <ma...@freebsd.org>
CommitDate: 2021-09-24 19:04:45 +0000
opencrypto: Disallow requests which pass VERIFY_DIGEST without a MAC
Otherwise we can end up comparing the computed digest with an
uninitialized kernel buffer.
In cryptoaead_op() we already unconditionally fail the request if a
pointer to a digest buffer is not specified.
Based on a patch by Simran Kathpalia.
Reported by: syzkaller
Reviewed by: jhb
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/529
Differential Revision: https://reviews.freebsd.org/D32124
---
sys/opencrypto/cryptodev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sys/opencrypto/cryptodev.c b/sys/opencrypto/cryptodev.c
index 6bbcf977ac72..5d281f3157fa 100644
--- a/sys/opencrypto/cryptodev.c
+++ b/sys/opencrypto/cryptodev.c
@@ -889,7 +889,7 @@ cryptodev_op(struct csession *cse, const struct crypt_op
*cop)
dst += cse->ivsize;
}
- if (cop->mac != NULL && crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) {
+ if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) {
error = copyin(cop->mac, cod->buf + crp->crp_digest_start,
cse->hashsize);
if (error) {
_______________________________________________
dev-commits-src-main@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/dev-commits-src-main
To unsubscribe, send any mail to "dev-commits-src-main-unsubscr...@freebsd.org"
