It's a bad idea to pass really long user-provided lengths to malloc.
Index: softraid_crypto.c
===================================================================
RCS file: /home/tedu/cvs/src/sys/dev/softraid_crypto.c,v
retrieving revision 1.70
diff -u -p -r1.70 softraid_crypto.c
--- softraid_crypto.c 5 Jul 2011 19:02:47 -0000 1.70
+++ softraid_crypto.c 6 Jul 2011 22:45:43 -0000
@@ -392,7 +392,7 @@ sr_crypto_get_kdf(struct bioc_createraid
return (rv);
if (bc->bc_opaque == NULL)
return (rv);
- if (bc->bc_opaque_size < sizeof(*kdfinfo))
+ if (bc->bc_opaque_size != sizeof(*kdfinfo))
return (rv);
kdfinfo = malloc(bc->bc_opaque_size, M_DEVBUF, M_WAITOK | M_ZERO);
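Review bot: The `malloc` call on the last line of the hunk still takes its size from `bc->bc_opaque_size`, a user-supplied field, so the allocation is bounded only because of the `!=` test two lines above it. Writing `kdfinfo = malloc(sizeof(*kdfinfo), M_DEVBUF, M_WAITOK | M_ZERO);` would make the fixed size explicit and keep the allocation bounded if the check is ever relaxed again. A comment above the check, such as `/* bc_opaque_size comes from userland; require an exact match so the M_WAITOK allocation is bounded */`, would record why `<` was not enough. Any later copy that uses `bc->bc_opaque_size` as its length is not visible here and presumably should use the same constant; the body of sr_crypto_get_kdf starts and ends outside the hunk.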