Date: Fri, 19 Aug 2005 11:23:56 -0400 From: Mike Tancsa <mike@sentex.net> To: Pawel Jakub Dawidek <pjd@FreeBSD.org>, Maxim.Sobolev@portaone.com Cc: FreeBSD-current <freebsd-current@FreeBSD.org> Subject: Re: VIA/ACE PadLock integration with crypto(9). Message-ID: <6.2.3.4.0.20050819111323.0845edd0@64.7.153.2> In-Reply-To: <20050818162016.GC18375@garage.freebsd.pl> References: <6.2.3.4.0.20050812130608.07aaf5f8@64.7.153.2> <20050812181802.GA27996@garage.freebsd.pl> <20050812182032.GB27996@garage.freebsd.pl> <6.2.3.4.0.20050816145557.03314eb8@64.7.153.2> <20050817143804.GH11066@garage.freebsd.pl> <6.2.3.4.0.20050817225907.06f81c50@64.7.153.2> <20050818071648.GA16021@garage.freebsd.pl> <6.2.3.4.0.20050818043546.05558420@64.7.153.2> <20050818115734.GB16933@garage.freebsd.pl> <4304873F.1060008@portaone.com> <20050818162016.GC18375@garage.freebsd.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
At 12:20 PM 18/08/2005, Pawel Jakub Dawidek wrote: >+> >+> It probably worth a security advisory. > >It's only a local DoS on systems with crypto HW and /dev/crypto. >Note that /dev/crypto is not needed for fast_ipsec(4) with HW >acceleration, nor for geli(8). >Workaround is also very simple: > > # chmod 600 /dev/crypto FYI, I have been running with the patch on a RELENG_4 box and it prevents the DoS v2# ./a.out -z 10 -t 30 a.out: CIOCCRYPT failed: Invalid argument v2# --- cryptodev.c.orig Mon Jul 14 17:21:16 2003 +++ cryptodev.c Thu Aug 18 04:21:29 2005 @@ -314,8 +314,10 @@ if (cop->len > 256*1024-4) return (E2BIG); - if (cse->txform && (cop->len % cse->txform->blocksize) != 0) - return (EINVAL); + if (cse->txform) { + if (cop->len == 0 || (cop->len % cse->txform->blocksize) != 0) + return (EINVAL); + } bzero(&cse->uio, sizeof(cse->uio)); cse->uio.uio_iovcnt = 1; Any chance to MFC it back to RELENG_4 ? ---Mike
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6.2.3.4.0.20050819111323.0845edd0>