Date: Fri, 24 Sep 2021 19:06:28 GMT From: Mark Johnston <markj@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 7c2f227a17de - main - opencrypto: Disallow requests which pass VERIFY_DIGEST without a MAC Message-ID: <202109241906.18OJ6SX3031694@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=7c2f227a17ded0934c5941c7911797edb7d770a2 commit 7c2f227a17ded0934c5941c7911797edb7d770a2 Author: Mark Johnston <markj@FreeBSD.org> AuthorDate: 2021-09-24 19:04:45 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2021-09-24 19:04:45 +0000 opencrypto: Disallow requests which pass VERIFY_DIGEST without a MAC Otherwise we can end up comparing the computed digest with an uninitialized kernel buffer. In cryptoaead_op() we already unconditionally fail the request if a pointer to a digest buffer is not specified. Based on a patch by Simran Kathpalia. Reported by: syzkaller Reviewed by: jhb MFC after: 1 week Pull Request: https://github.com/freebsd/freebsd-src/pull/529 Differential Revision: https://reviews.freebsd.org/D32124 --- sys/opencrypto/cryptodev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/opencrypto/cryptodev.c b/sys/opencrypto/cryptodev.c index 6bbcf977ac72..5d281f3157fa 100644 --- a/sys/opencrypto/cryptodev.c +++ b/sys/opencrypto/cryptodev.c @@ -889,7 +889,7 @@ cryptodev_op(struct csession *cse, const struct crypt_op *cop) dst += cse->ivsize; } - if (cop->mac != NULL && crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) { + if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) { error = copyin(cop->mac, cod->buf + crp->crp_digest_start, cse->hashsize); if (error) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202109241906.18OJ6SX3031694>