Date: Fri, 19 Aug 2005 11:23:56 -0400 From: Mike Tancsa <mike@sentex.net> To: Pawel Jakub Dawidek <pjd@FreeBSD.org>, Maxim.Sobolev@portaone.com Cc: FreeBSD-current <freebsd-current@FreeBSD.org> Subject: Re: VIA/ACE PadLock integration with crypto(9). Message-ID: <6.2.3.4.0.20050819111323.0845edd0@64.7.153.2> In-Reply-To: <20050818162016.GC18375@garage.freebsd.pl> References: <6.2.3.4.0.20050812130608.07aaf5f8@64.7.153.2> <20050812181802.GA27996@garage.freebsd.pl> <20050812182032.GB27996@garage.freebsd.pl> <6.2.3.4.0.20050816145557.03314eb8@64.7.153.2> <20050817143804.GH11066@garage.freebsd.pl> <6.2.3.4.0.20050817225907.06f81c50@64.7.153.2> <20050818071648.GA16021@garage.freebsd.pl> <6.2.3.4.0.20050818043546.05558420@64.7.153.2> <20050818115734.GB16933@garage.freebsd.pl> <4304873F.1060008@portaone.com> <20050818162016.GC18375@garage.freebsd.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
At 12:20 PM 18/08/2005, Pawel Jakub Dawidek wrote:
>+>
>+> It probably worth a security advisory.
>
>It's only a local DoS on systems with crypto HW and /dev/crypto.
>Note that /dev/crypto is not needed for fast_ipsec(4) with HW
>acceleration, nor for geli(8).
>Workaround is also very simple:
>
> # chmod 600 /dev/crypto
FYI,
I have been running with the patch on a RELENG_4 box and it
prevents the DoS
v2# ./a.out -z 10 -t 30
a.out: CIOCCRYPT failed: Invalid argument
v2#
--- cryptodev.c.orig Mon Jul 14 17:21:16 2003
+++ cryptodev.c Thu Aug 18 04:21:29 2005
@@ -314,8 +314,10 @@
if (cop->len > 256*1024-4)
return (E2BIG);
- if (cse->txform && (cop->len % cse->txform->blocksize) != 0)
- return (EINVAL);
+ if (cse->txform) {
+ if (cop->len == 0 || (cop->len % cse->txform->blocksize) != 0)
+ return (EINVAL);
+ }
bzero(&cse->uio, sizeof(cse->uio));
cse->uio.uio_iovcnt = 1;
Any chance to MFC it back to RELENG_4 ?
---Mike
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6.2.3.4.0.20050819111323.0845edd0>