From owner-svn-src-all@freebsd.org Mon May 16 07:12:05 2016 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8092DB3C2D2; Mon, 16 May 2016 07:12:05 +0000 (UTC) (envelope-from arybchik@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4F2A31C10; Mon, 16 May 2016 07:12:05 +0000 (UTC) (envelope-from arybchik@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u4G7C4Yv075834; Mon, 16 May 2016 07:12:04 GMT (envelope-from arybchik@FreeBSD.org) Received: (from arybchik@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u4G7C4Q4075833; Mon, 16 May 2016 07:12:04 GMT (envelope-from arybchik@FreeBSD.org) Message-Id: <201605160712.u4G7C4Q4075833@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: arybchik set sender to arybchik@FreeBSD.org using -f From: Andrew Rybchenko Date: Mon, 16 May 2016 07:12:04 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r299911 - head/sys/dev/sfxge/common X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 May 2016 07:12:05 -0000 Author: arybchik Date: Mon May 16 07:12:04 2016 New Revision: 299911 URL: https://svnweb.freebsd.org/changeset/base/299911 Log: sfxge(4): fix license validation check for V3 licenses Length consistency checks were failing for ECC hashes. Submitted by: Richard Houldsworth Sponsored by: Solarflare Communications, Inc. MFC after: 1 week Modified: head/sys/dev/sfxge/common/efx_lic.c Modified: head/sys/dev/sfxge/common/efx_lic.c ============================================================================== --- head/sys/dev/sfxge/common/efx_lic.c Mon May 16 07:00:49 2016 (r299910) +++ head/sys/dev/sfxge/common/efx_lic.c Mon May 16 07:12:04 2016 (r299911) @@ -1103,7 +1103,6 @@ fail1: /* V3 format uses Huntington TLV format partition. See SF-108797-SW */ #define EFX_LICENSE_V3_KEY_LENGTH_MIN (64) #define EFX_LICENSE_V3_KEY_LENGTH_MAX (160) -#define EFX_LICENSE_V3_HASH_LENGTH (64) __checkReturn efx_rc_t efx_lic_v3_find_start( @@ -1169,16 +1168,17 @@ efx_lic_v3_validate_key( goto fail1; } - key_type = ((uint8_t*)keyp)[0]; - key_length = ((uint8_t*)keyp)[1] + EFX_LICENSE_V3_HASH_LENGTH; - - if(key_length > EFX_LICENSE_V3_KEY_LENGTH_MAX) { + if (length > EFX_LICENSE_V3_KEY_LENGTH_MAX) { goto fail2; } + + key_type = ((uint8_t*)keyp)[0]; + key_length = ((uint8_t*)keyp)[1]; + if (key_type < 3) { goto fail3; } - if (key_length != length) { + if (key_length > length) { goto fail4; } return (B_TRUE);