Date: Fri, 1 Oct 2021 14:09:02 GMT
From: Mark Johnston <markj@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject: git: d04c12765cfa - stable/13 - opencrypto: Disallow requests which pass VERIFY_DIGEST without a MAC
Message-ID: <202110011409.191E92DG077341@gitrepo.freebsd.org>
The branch stable/13 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=d04c12765cfa2bf0f33f7489d48843648073ce06 commit d04c12765cfa2bf0f33f7489d48843648073ce06 Author: Mark Johnston <markj@FreeBSD.org> AuthorDate: 2021-09-24 19:04:45 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2021-10-01 14:08:30 +0000 opencrypto: Disallow requests which pass VERIFY_DIGEST without a MAC Otherwise we can end up comparing the computed digest with an uninitialized kernel buffer. In cryptoaead_op() we already unconditionally fail the request if a pointer to a digest buffer is not specified. Based on a patch by Simran Kathpalia. Reported by: syzkaller Reviewed by: jhb Pull Request: https://github.com/freebsd/freebsd-src/pull/529 (cherry picked from commit 7c2f227a17ded0934c5941c7911797edb7d770a2) --- sys/opencrypto/cryptodev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/opencrypto/cryptodev.c b/sys/opencrypto/cryptodev.c index 45146284642b..61f8f332e1ca 100644 --- a/sys/opencrypto/cryptodev.c +++ b/sys/opencrypto/cryptodev.c @@ -943,7 +943,7 @@ cryptodev_op(struct csession *cse, const struct crypt_op *cop) dst += cse->ivsize; } - if (cop->mac != NULL && crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) { + if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) { error = copyin(cop->mac, cod->buf + crp->crp_digest_start, cse->hashsize); if (error) {
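Review bot: In the cryptodev_op() hunk, the rejection of a request that sets CRYPTO_OP_VERIFY_DIGEST without a MAC pointer is now implicit: it depends on copyin(cop->mac, ...) failing, and the error returned to the caller is whatever copyin() reports. The commit message says cryptoaead_op() already fails such a request unconditionally; an explicit check on cop->mac before the copyin, or at least a one-line comment above "if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) {" saying that a missing MAC is meant to fail here, would make the intent visible and keep a later cleanup from restoring the NULL test that let the computed digest be compared with an uninitialized buffer. Since this was reported by syzkaller, a regression test that issues a verify request without a MAC and expects failure would also be worth adding alongside the change.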