Date: Mon, 1 Aug 2016 17:25:07 -0700 From: Conrad Meyer <cem@freebsd.org> To: Shawn Webb <shawn.webb@hardenedbsd.org> Cc: src-committers <src-committers@freebsd.org>, svn-src-all@freebsd.org, svn-src-head@freebsd.org, "secteam@FreeBSD.org" <secteam@freebsd.org>, ecturt@gmail.com Subject: Re: svn commit: r303650 - head/sys/opencrypto Message-ID: <CAG6CVpXQT6bB4aMBCD37df1iW3pMYsZMPt0v6uFv=d4558VzrQ@mail.gmail.com> In-Reply-To: <20160801235852.GH7956@mutt-hardenedbsd> References: <201608012257.u71Mv3YA030076@repo.freebsd.org> <EA6F519C-48ED-4335-B543-191A7758D58A@hardenedbsd.org> <CAG6CVpVJffrcArygppQb0VJ=a%2Bw1coxCwZ1W62cMpgBUMDLvJQ@mail.gmail.com> <20160801235852.GH7956@mutt-hardenedbsd>
next in thread | previous in thread | raw e-mail | index | archive | help
That would be difficult, as this is completely dead code in base. It could be accessed through the /dev/crypto device by a port, however. You haven't convinced me there is a security issue. Cheers, Conrad On Mon, Aug 1, 2016 at 4:58 PM, Shawn Webb <shawn.webb@hardenedbsd.org> wrote: > Adding CTurt to see if he wants to take a stab at writing a PoC exploit. > It'd be cool for an offensive researcher to determine if it's simply a > DoS. But regardless, a security fix is a security fix. All > currently-supported branches really should be updated. > > Thanks, > > Shawn > > On Mon, Aug 01, 2016 at 04:41:02PM -0700, Conrad Meyer wrote: >> Hey Shawn, >> >> I don't think this is security-related despite being a bug in >> crypto-adjacent code. At best it's a DoS, I think. >> >> Cheers, >> Conrad >> >> On Mon, Aug 1, 2016 at 4:15 PM, Shawn Webb <shawn.webb@hardenedbsd.org> wrote: >> > -----BEGIN PGP SIGNED MESSAGE----- >> > Hash: SHA512 >> > >> > >> > >> > On August 1, 2016 6:57:03 PM EDT, "Conrad E. Meyer" <cem@FreeBSD.org> wrote: >> >>Author: cem >> >>Date: Mon Aug 1 22:57:03 2016 >> >>New Revision: 303650 >> >>URL: https://svnweb.freebsd.org/changeset/base/303650 >> >> >> >>Log: >> >> opencrypto AES-ICM: Fix heap corruption typo >> >> >> >>This error looks like it was a simple copy-paste typo in the original >> >>commit >> >> for this code (r275732). >> >> >> >> PR: 204009 >> >> Reported by: Chang-Hsien Tsai <luke.tw AT gmail.com> >> >> Sponsored by: EMC / Isilon Storage >> > >> > Since cem@ refuses to MFC even security fixes, can someone with a commit bit please MFC this within normal security-related MFC timeframe? Additionally, does a security advisory need to be sent out? CC'ing secteam@. >> > >> > Thanks, >> > >> > Shawn >> > >> > - -- >> > Sent from my Android device with K-9 Mail. Please excuse my brevity. >> > -----BEGIN PGP SIGNATURE----- >> > Version: APG v1.1.1 >> > >> > iQI/BAEBCgApBQJXn9ggIhxTaGF3biBXZWJiIDxzaGF3bkBzaGF3bndlYmIuaW5m >> > bz4ACgkQaoRlj1JFbu4Ypg//XLLOHX3y5ULHSEqEQ6tgUjQiR+9ADYKX1Zza3ghI >> > FsHEr7O8yi31jb8EJ9+oOiZOHxjAfLP+ezwNoa9xRUQu0IoTcCLU6PzCzHv2viaa >> > UZ+ae5xbB48i89o2ZshGTKgtwAzkCOhNkvPaAmS2yu14Xg+2CbhY2mCR+qdnAnMS >> > cUU4dTsqTI+cHQoE2ehzDst/ABSaBZa2XZKxFp3EeTb3r2bNAvh72zMv6ethU8Ht >> > 5VE7ZyRfQBpObZVcmSy6Sg8+vyjTRE4pdiajSqs3kIitPvxljwukMQ6DcdHCnJPx >> > IlOTXnM1wd7iHSwNTP8jniemOR4QrrQ3fEwglsnjp2t45ZnWi46LhfoekOinX42v >> > x7f+XWhcw0/oCF34q0rQ/YxFr0OcammmPMqjYKy7dlk2H6FSk9jnqh19lXu+qZP6 >> > UzlUS+IHHn7o0OaV9Tflsey7/24hFjEVAHFKZxsG7VzKaSjri6aJ8p2Mr2D1o1os >> > rEMF15pV2d9l7tIFN0FigqmffZswpTbk+uNNHc8rg+Tq7QV1fhceTgLLXRfqlpq8 >> > ES/Y3Epr22KCCEhftQw3fqC1XpOpn5CUc3svJx7llXWYc/c7RdxGDNSujFF3IARk >> > 741mx0N/ZkrcXZ/u/zk5+gMmS7NxhQXNk3QueRTIlqZv7e9GdlaYAPMZxQZKQKm3 >> > +YQ= >> > =B3c1 >> > -----END PGP SIGNATURE----- >> > >> > > > -- > Shawn Webb > Cofounder and Security Engineer > HardenedBSD > > GPG Key ID: 0x6A84658F52456EEE > GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAG6CVpXQT6bB4aMBCD37df1iW3pMYsZMPt0v6uFv=d4558VzrQ>