It's a bad idea to pass really long user provided lengths to malloc.
Index: softraid_crypto.c
===================================================================
RCS file: /home/tedu/cvs/src/sys/dev/softraid_crypto.c,v
retrieving revision 1.70
diff -u -p -r1.70 softraid_crypto.c
--- softraid_crypto.c 5 Jul 2011 19:02:47 -0000 1.70
+++ softraid_crypto.c 6 Jul 2011 22:45:43 -0000
@@ -392,7 +392,7 @@ sr_crypto_get_kdf(struct bioc_createraid
 return (rv);
 if (bc->bc_opaque == NULL)
 return (rv);
- if (bc->bc_opaque_size < sizeof(*kdfinfo))
+ if (bc->bc_opaque_size != sizeof(*kdfinfo))
 return (rv);
 kdfinfo = malloc(bc->bc_opaque_size, M_DEVBUF, M_WAITOK | M_ZERO);
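Review bot: The malloc() on the last line of the hunk still takes its length from the user-supplied `bc->bc_opaque_size`; now that the test above forces that value to equal `sizeof(*kdfinfo)`, the allocation could use the constant directly, `kdfinfo = malloc(sizeof(*kdfinfo), M_DEVBUF, M_WAITOK | M_ZERO);`, so the size stays bounded even if the check is later loosened or moved. A short comment above the test, such as `/* bc_opaque_size comes from userland; accept only the exact struct size */`, would record why `!=` replaced `<`. Any later copy from `bc->bc_opaque` presumably uses the same length and would benefit from the same constant, but that code, like the rest of sr_crypto_get_kdf, is outside the hunk.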