Date: Tue, 12 May 2020 16:59:09 +0000 (UTC)
From: Gordon Tetlow <gordon@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org
Subject: svn commit: r360977 - releng/12.1/sys/opencrypto
Message-ID: <202005121659.04CGx91N064102@repo.freebsd.org>
Author: gordon Date: Tue May 12 16:59:09 2020 New Revision: 360977 URL: https://svnweb.freebsd.org/changeset/base/360977 Log: Fix insufficient cryptodev MAC key length check. Approved by: so Security: FreeBSD-SA-20:16.cryptodev Security: CVE-2019-15880 Modified: releng/12.1/sys/opencrypto/cryptodev.c Modified: releng/12.1/sys/opencrypto/cryptodev.c ============================================================================== --- releng/12.1/sys/opencrypto/cryptodev.c Tue May 12 16:57:47 2020 (r360976) +++ releng/12.1/sys/opencrypto/cryptodev.c Tue May 12 16:59:09 2020 (r360977) @@ -602,8 +602,8 @@ cryptof_ioctl( if (thash) { cria.cri_alg = thash->type; cria.cri_klen = sop->mackeylen * 8; - if (thash->keysize != 0 && - sop->mackeylen > thash->keysize) { + if (sop->mackeylen > thash->keysize || + sop->mackeylen < 0) { CRYPTDEB("invalid mac key length"); error = EINVAL; SDT_PROBE1(opencrypto, dev, ioctl, error,
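Review bot: The assignment `cria.cri_klen = sop->mackeylen * 8;` still runs ahead of the new bounds check in this hunk, so the multiplication is performed on an unvalidated and possibly negative length; moving the `if (sop->mackeylen > thash->keysize || sop->mackeylen < 0)` test above the assignment would keep cri_klen from ever holding a value derived from a rejected length. Dropping the `thash->keysize != 0` guard also means a hash whose keysize is zero now rejects any non-zero mackeylen; that reads as the intent of the fix, but a one-line comment saying so would help the next reader. Putting the `sop->mackeylen < 0` test first would also make the check independent of how the comparison against `thash->keysize` treats signedness.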