Site Navigation

Date:      Tue, 12 May 2020 16:59:09 +0000 (UTC)
From:      Gordon Tetlow <gordon@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org
Subject:   svn commit: r360977 - releng/12.1/sys/opencrypto
Message-ID:  <202005121659.04CGx91N064102@repo.freebsd.org>

---

next in thread | raw e-mail | index | archive | help

---

Author: gordon
Date: Tue May 12 16:59:09 2020
New Revision: 360977
URL: https://svnweb.freebsd.org/changeset/base/360977

Log:
  Fix insufficient cryptodev MAC key length check.
  
  Approved by:	so
  Security:	FreeBSD-SA-20:16.cryptodev
  Security:	CVE-2019-15880

Modified:
  releng/12.1/sys/opencrypto/cryptodev.c

Modified: releng/12.1/sys/opencrypto/cryptodev.c
==============================================================================
--- releng/12.1/sys/opencrypto/cryptodev.c	Tue May 12 16:57:47 2020	(r360976)
+++ releng/12.1/sys/opencrypto/cryptodev.c	Tue May 12 16:59:09 2020	(r360977)
@@ -602,8 +602,8 @@ cryptof_ioctl(
 		if (thash) {
 			cria.cri_alg = thash->type;
 			cria.cri_klen = sop->mackeylen * 8;
-			if (thash->keysize != 0 &&
-			    sop->mackeylen > thash->keysize) {
+			if (sop->mackeylen > thash->keysize ||
+			    sop->mackeylen < 0) {
 				CRYPTDEB("invalid mac key length");
 				error = EINVAL;
 				SDT_PROBE1(opencrypto, dev, ioctl, error,

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202005121659.04CGx91N064102>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact