upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-14 19:20:18 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

opencrypto: Disallow requests which pass VERIFY_DIGEST without a MAC

Browse source 
Otherwise we can end up comparing the computed digest with an
uninitialized kernel buffer.

In cryptoaead_op() we already unconditionally fail the request if a
pointer to a digest buffer is not specified.

Based on a patch by Simran Kathpalia.

Reported by:	syzkaller
Reviewed by:	jhb
Pull Request:	https://github.com/freebsd/freebsd-src/pull/529

(cherry picked from commit 7c2f227a17)
This commit is contained in:
Mark Johnston 2021-09-24 15:04:45 -04:00
parent 8b1039f918
commit d04c12765c
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
sys/opencrypto/cryptodev.c
View file

@ -943,7 +943,7 @@ cryptodev_op(struct csession *cse, const struct crypt_op *cop)
dst += cse->ivsize;
}
if (cop->mac != NULL && crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) {
if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) {
error = copyin(cop->mac, cod->buf + crp->crp_digest_start,
cse->hashsize);
if (error) {