Module Name: src
Committed By: riastradh
Date: Sat Mar 12 17:15:04 UTC 2022
Modified Files:
src/sys/opencrypto: ocryptodev.c
Log Message:
crypto(4): Refuse count>1 for old CIOCNCRYPTM.
This hasn't worked since it was written in 2009; if anyone cared
surely they would have fixed it by now!
(Fixing this properly -- and putting a more reasonable upper bound
than the maximum that size_t arithmetic allows -- left as an exercise
or the reader.)
Reported-by: syzbot+798d4a16bc15ae885...@syzkaller.appspotmail.com
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 src/sys/opencrypto/ocryptodev.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/opencrypto/ocryptodev.c
diff -u src/sys/opencrypto/ocryptodev.c:1.16 src/sys/opencrypto/ocryptodev.c:1.17
--- src/sys/opencrypto/ocryptodev.c:1.16 Mon Jan 27 17:09:17 2020
+++ src/sys/opencrypto/ocryptodev.c Sat Mar 12 17:15:04 2022
@@ -1,4 +1,4 @@
-/* $NetBSD: ocryptodev.c,v 1.16 2020/01/27 17:09:17 pgoyette Exp $ */
+/* $NetBSD: ocryptodev.c,v 1.17 2022/03/12 17:15:04 riastradh Exp $ */
/* $FreeBSD: src/sys/opencrypto/cryptodev.c,v 1.4.2.4 2003/06/03 00:09:02 sam Exp $ */
/* $OpenBSD: cryptodev.c,v 1.53 2002/07/10 22:21:30 mickey Exp $ */
@@ -69,7 +69,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ocryptodev.c,v 1.16 2020/01/27 17:09:17 pgoyette Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ocryptodev.c,v 1.17 2022/03/12 17:15:04 riastradh Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -167,8 +167,7 @@ mbail:
break;
case OCIOCNCRYPTM:
omop = (struct ocrypt_mop *)data;
- if ((omop->count <= 0) ||
- (SIZE_MAX/sizeof(struct ocrypt_n_op) <= omop->count)) {
+ if (omop->count <= 0 || omop->count > 1) {
error = EINVAL;
break;
}
