From owner-svn-src-stable-10@freebsd.org  Fri May 13 08:25:07 2016
Return-Path: <owner-svn-src-stable-10@freebsd.org>
Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6EB07B39691;
 Fri, 13 May 2016 08:25:07 +0000 (UTC)
 (envelope-from ngie@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4AE4A1966;
 Fri, 13 May 2016 08:25:07 +0000 (UTC)
 (envelope-from ngie@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u4D8P66c061943;
 Fri, 13 May 2016 08:25:06 GMT (envelope-from ngie@FreeBSD.org)
Received: (from ngie@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id u4D8P6gr061940;
 Fri, 13 May 2016 08:25:06 GMT (envelope-from ngie@FreeBSD.org)
Message-Id: <201605130825.u4D8P6gr061940@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: ngie set sender to
 ngie@FreeBSD.org using -f
From: Garrett Cooper <ngie@FreeBSD.org>
Date: Fri, 13 May 2016 08:25:06 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject: svn commit: r299617 - in stable/10/sys/kgssapi: . krb5
X-SVN-Group: stable-10
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-stable-10@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SVN commit messages for only the 10-stable src tree
 <svn-src-stable-10.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-stable-10>, 
 <mailto:svn-src-stable-10-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-stable-10/>
List-Post: <mailto:svn-src-stable-10@freebsd.org>
List-Help: <mailto:svn-src-stable-10-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10>, 
 <mailto:svn-src-stable-10-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 13 May 2016 08:25:07 -0000

Author: ngie
Date: Fri May 13 08:25:06 2016
New Revision: 299617
URL: https://svnweb.freebsd.org/changeset/base/299617

Log:
  MFC r295134,r298338,r298655:
  
  r295134 (by cem):
  
  kcrypto_aes: Use separate sessions for AES and SHA1
  
  Some hardware supports AES acceleration but not SHA1, e.g., AES-NI
  extensions.  It is useful to have accelerated AES even if SHA1 must be
  software.
  
  Suggested by:	asomers
  
  r298338 (by cem):
  
  kgssapi(4): Don't allow user-provided arguments to overrun stack buffer
  
  An over-long path argument to gssd_syscall could overrun the stack sockaddr_un
  buffer.  Fix gssd_syscall to not permit that.
  
  If an over-long path is provided, gssd_syscall now returns EINVAL.
  
  It looks like PRIV_NFS_DAEMON isn't granted anywhere, so my best guess is that
  this is likely only triggerable by root.
  
  CID:		1006751
  
  r298655 (by cem):
  
  kgssapi: Don't leak memory in error cases
  
  CIDs:		1007046, 1007047, 1007048

Modified:
  stable/10/sys/kgssapi/gss_impl.c
  stable/10/sys/kgssapi/gssd_prot.c
  stable/10/sys/kgssapi/krb5/kcrypto_aes.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sys/kgssapi/gss_impl.c
==============================================================================
--- stable/10/sys/kgssapi/gss_impl.c	Fri May 13 08:17:42 2016	(r299616)
+++ stable/10/sys/kgssapi/gss_impl.c	Fri May 13 08:25:06 2016	(r299617)
@@ -104,10 +104,12 @@ sys_gssd_syscall(struct thread *td, stru
 	error = copyinstr(uap->path, path, sizeof(path), NULL);
 	if (error)
 		return (error);
+	if (strlen(path) + 1 > sizeof(sun.sun_path))
+		return (EINVAL);
 
 	if (path[0] != '\0') {
 		sun.sun_family = AF_LOCAL;
-		strcpy(sun.sun_path, path);
+		strlcpy(sun.sun_path, path, sizeof(sun.sun_path));
 		sun.sun_len = SUN_LEN(&sun);
 		
 		nconf = getnetconfigent("local");

Modified: stable/10/sys/kgssapi/gssd_prot.c
==============================================================================
--- stable/10/sys/kgssapi/gssd_prot.c	Fri May 13 08:17:42 2016	(r299616)
+++ stable/10/sys/kgssapi/gssd_prot.c	Fri May 13 08:25:06 2016	(r299617)
@@ -101,8 +101,10 @@ xdr_gss_OID(XDR *xdrs, gss_OID *oidp)
 		} else {
 			oid = mem_alloc(sizeof(gss_OID_desc));
 			memset(oid, 0, sizeof(*oid));
-			if (!xdr_gss_OID_desc(xdrs, oid))
+			if (!xdr_gss_OID_desc(xdrs, oid)) {
+				mem_free(oid, sizeof(gss_OID_desc));
 				return (FALSE);
+			}
 			*oidp = oid;
 		}
 		break;
@@ -164,8 +166,10 @@ xdr_gss_OID_set(XDR *xdrs, gss_OID_set *
 		} else {
 			set = mem_alloc(sizeof(gss_OID_set_desc));
 			memset(set, 0, sizeof(*set));
-			if (!xdr_gss_OID_set_desc(xdrs, set))
+			if (!xdr_gss_OID_set_desc(xdrs, set)) {
+				mem_free(set, sizeof(gss_OID_set_desc));
 				return (FALSE);
+			}
 			*setp = set;
 		}
 		break;
@@ -224,8 +228,10 @@ xdr_gss_channel_bindings_t(XDR *xdrs, gs
 			    || !xdr_gss_buffer_desc(xdrs,
 				&ch->acceptor_address)
 			    || !xdr_gss_buffer_desc(xdrs,
-				&ch->application_data))
+				&ch->application_data)) {
+				mem_free(ch, sizeof(*ch));
 				return (FALSE);
+			}
 			*chp = ch;
 		}
 		break;

Modified: stable/10/sys/kgssapi/krb5/kcrypto_aes.c
==============================================================================
--- stable/10/sys/kgssapi/krb5/kcrypto_aes.c	Fri May 13 08:17:42 2016	(r299616)
+++ stable/10/sys/kgssapi/krb5/kcrypto_aes.c	Fri May 13 08:25:06 2016	(r299617)
@@ -43,7 +43,8 @@ __FBSDID("$FreeBSD$");
 
 struct aes_state {
 	struct mtx	as_lock;
-	uint64_t	as_session;
+	uint64_t	as_session_aes;
+	uint64_t	as_session_sha1;
 };
 
 static void
@@ -61,8 +62,10 @@ aes_destroy(struct krb5_key_state *ks)
 {
 	struct aes_state *as = ks->ks_priv;
 
-	if (as->as_session)
-		crypto_freesession(as->as_session);
+	if (as->as_session_aes != 0)
+		crypto_freesession(as->as_session_aes);
+	if (as->as_session_sha1 != 0)
+		crypto_freesession(as->as_session_sha1);
 	mtx_destroy(&as->as_lock);
 	free(ks->ks_priv, M_GSSAPI);
 }
@@ -72,32 +75,35 @@ aes_set_key(struct krb5_key_state *ks, c
 {
 	void *kp = ks->ks_key;
 	struct aes_state *as = ks->ks_priv;
-	struct cryptoini cri[2];
+	struct cryptoini cri;
 
 	if (kp != in)
 		bcopy(in, kp, ks->ks_class->ec_keylen);
 
-	if (as->as_session)
-		crypto_freesession(as->as_session);
-
-	bzero(cri, sizeof(cri));
+	if (as->as_session_aes != 0)
+		crypto_freesession(as->as_session_aes);
+	if (as->as_session_sha1 != 0)
+		crypto_freesession(as->as_session_sha1);
 
 	/*
 	 * We only want the first 96 bits of the HMAC.
 	 */
-	cri[0].cri_alg = CRYPTO_SHA1_HMAC;
-	cri[0].cri_klen = ks->ks_class->ec_keybits;
-	cri[0].cri_mlen = 12;
-	cri[0].cri_key = ks->ks_key;
-	cri[0].cri_next = &cri[1];
-
-	cri[1].cri_alg = CRYPTO_AES_CBC;
-	cri[1].cri_klen = ks->ks_class->ec_keybits;
-	cri[1].cri_mlen = 0;
-	cri[1].cri_key = ks->ks_key;
-	cri[1].cri_next = NULL;
+	bzero(&cri, sizeof(cri));
+	cri.cri_alg = CRYPTO_SHA1_HMAC;
+	cri.cri_klen = ks->ks_class->ec_keybits;
+	cri.cri_mlen = 12;
+	cri.cri_key = ks->ks_key;
+	cri.cri_next = NULL;
+	crypto_newsession(&as->as_session_sha1, &cri,
+	    CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE);
 
-	crypto_newsession(&as->as_session, cri,
+	bzero(&cri, sizeof(cri));
+	cri.cri_alg = CRYPTO_AES_CBC;
+	cri.cri_klen = ks->ks_class->ec_keybits;
+	cri.cri_mlen = 0;
+	cri.cri_key = ks->ks_key;
+	cri.cri_next = NULL;
+	crypto_newsession(&as->as_session_aes, &cri,
 	    CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE);
 }
 
@@ -114,7 +120,7 @@ aes_crypto_cb(struct cryptop *crp)
 	int error;
 	struct aes_state *as = (struct aes_state *) crp->crp_opaque;
 	
-	if (CRYPTO_SESID2CAPS(as->as_session) & CRYPTOCAP_F_SYNC)
+	if (CRYPTO_SESID2CAPS(crp->crp_sid) & CRYPTOCAP_F_SYNC)
 		return (0);
 
 	error = crp->crp_etype;
@@ -151,7 +157,7 @@ aes_encrypt_1(const struct krb5_key_stat
 	crd->crd_next = NULL;
 	crd->crd_alg = CRYPTO_AES_CBC;
 
-	crp->crp_sid = as->as_session;
+	crp->crp_sid = as->as_session_aes;
 	crp->crp_flags = buftype | CRYPTO_F_CBIFSYNC;
 	crp->crp_buf = buf;
 	crp->crp_opaque = (void *) as;
@@ -159,7 +165,7 @@ aes_encrypt_1(const struct krb5_key_stat
 
 	error = crypto_dispatch(crp);
 
-	if ((CRYPTO_SESID2CAPS(as->as_session) & CRYPTOCAP_F_SYNC) == 0) {
+	if ((CRYPTO_SESID2CAPS(as->as_session_aes) & CRYPTOCAP_F_SYNC) == 0) {
 		mtx_lock(&as->as_lock);
 		if (!error && !(crp->crp_flags & CRYPTO_F_DONE))
 			error = msleep(crp, &as->as_lock, 0, "gssaes", 0);
@@ -326,7 +332,7 @@ aes_checksum(const struct krb5_key_state
 	crd->crd_next = NULL;
 	crd->crd_alg = CRYPTO_SHA1_HMAC;
 
-	crp->crp_sid = as->as_session;
+	crp->crp_sid = as->as_session_sha1;
 	crp->crp_ilen = inlen;
 	crp->crp_olen = 12;
 	crp->crp_etype = 0;
@@ -337,7 +343,7 @@ aes_checksum(const struct krb5_key_state
 
 	error = crypto_dispatch(crp);
 
-	if ((CRYPTO_SESID2CAPS(as->as_session) & CRYPTOCAP_F_SYNC) == 0) {
+	if ((CRYPTO_SESID2CAPS(as->as_session_sha1) & CRYPTOCAP_F_SYNC) == 0) {
 		mtx_lock(&as->as_lock);
 		if (!error && !(crp->crp_flags & CRYPTO_F_DONE))
 			error = msleep(crp, &as->as_lock, 0, "gssaes", 0);