From: Mike Tancsa
Date: Fri, 19 Aug 2005 11:23:56 -0400
To: Pawel Jakub Dawidek, Maxim.Sobolev@portaone.com
Cc: FreeBSD-current
Subject: Re: VIA/ACE PadLock integration with crypto(9).

At 12:20 PM 18/08/2005, Pawel Jakub Dawidek wrote:
>+>
>+> It's probably worth a security advisory.
>
>It's only a local DoS on systems with crypto HW and /dev/crypto.
>Note that /dev/crypto is not needed for fast_ipsec(4) with HW
>acceleration, nor for geli(8).
>Workaround is also very simple:
>
>   # chmod 600 /dev/crypto

FYI, I have been running with the patch on a RELENG_4 box and it
prevents the DoS

v2# ./a.out -z 10 -t 30
a.out: CIOCCRYPT failed: Invalid argument
v2#

--- cryptodev.c.orig Mon Jul 14 17:21:16 2003 +++ cryptodev.c Thu Aug 18 04:21:29 2005
@@ -314,8 +314,10 @@ if (cop->len > 256*1024-4) return (E2BIG); - if (cse->txform && (cop->len % cse->txform->blocksize) != 0) - return (EINVAL); + if (cse->txform) { + if (cop->len == 0 || (cop->len % cse->txform->blocksize) != 0) + return (EINVAL); + } bzero(&cse->uio, sizeof(cse->uio)); cse->uio.uio_iovcnt = 1; Any chance to MFC it back to RELENG_4 ? ---Mike
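Review bot: the new `cop->len == 0` test sits inside the `if (cse->txform)` block, so a request on a session with no txform set still gets past this point with a zero length. If a zero-length operation is never valid here, move the check out of the conditional, next to the `cop->len > 256*1024-4` test, and add a one-line comment saying why zero is rejected. The two nested ifs could also be a single condition, `if (cse->txform && (cop->len == 0 || ...))`, which keeps the change smaller.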