Module Name: src Committed By: riastradh Date: Sat Mar 12 17:15:04 UTC 2022
Modified Files: src/sys/opencrypto: ocryptodev.c Log Message: crypto(4): Refuse count>1 for old CIOCNCRYPTM. This hasn't worked since it was written in 2009; if anyone cared surely they would have fixed it by now! (Fixing this properly -- and putting a more reasonable upper bound than the maximum that size_t arithmetic allows -- left as an exercise or the reader.) Reported-by: syzbot+798d4a16bc15ae885...@syzkaller.appspotmail.com To generate a diff of this commit: cvs rdiff -u -r1.16 -r1.17 src/sys/opencrypto/ocryptodev.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/opencrypto/ocryptodev.c diff -u src/sys/opencrypto/ocryptodev.c:1.16 src/sys/opencrypto/ocryptodev.c:1.17 --- src/sys/opencrypto/ocryptodev.c:1.16 Mon Jan 27 17:09:17 2020 +++ src/sys/opencrypto/ocryptodev.c Sat Mar 12 17:15:04 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: ocryptodev.c,v 1.16 2020/01/27 17:09:17 pgoyette Exp $ */ +/* $NetBSD: ocryptodev.c,v 1.17 2022/03/12 17:15:04 riastradh Exp $ */ /* $FreeBSD: src/sys/opencrypto/cryptodev.c,v 1.4.2.4 2003/06/03 00:09:02 sam Exp $ */ /* $OpenBSD: cryptodev.c,v 1.53 2002/07/10 22:21:30 mickey Exp $ */ @@ -69,7 +69,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ocryptodev.c,v 1.16 2020/01/27 17:09:17 pgoyette Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ocryptodev.c,v 1.17 2022/03/12 17:15:04 riastradh Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -167,8 +167,7 @@ mbail: break; case OCIOCNCRYPTM: omop = (struct ocrypt_mop *)data; - if ((omop->count <= 0) || - (SIZE_MAX/sizeof(struct ocrypt_n_op) <= omop->count)) { + if (omop->count <= 0 || omop->count > 1) { error = EINVAL; break; }