Fix a bug where this function overflowed it's buffer... This was

causing ZFS panics on boot... This is purely reviewed and tested by peter. Reviewed by: peter Approved by: so (implicit), peter
author: jmg <jmg@FreeBSD.org> 2015-02-17 23:14:26 +0000
committer: jmg <jmg@FreeBSD.org> 2015-02-17 23:14:26 +0000
commit: 22133d08e1c34ad67eca423dfda411921408745d (patch)
tree: a181eaedeac3c390e90a897278d9a269435c3474
parent: e0f41bfbfbd0f70be8370a9117257748ce576169 (diff)
download: FreeBSD-src-22133d08e1c34ad67eca423dfda411921408745d.zip
FreeBSD-src-22133d08e1c34ad67eca423dfda411921408745d.tar.gz
1 files changed, 10 insertions, 2 deletions
diff --git a/sys/dev/random/yarrow.c b/sys/dev/random/yarrow.c
index d6905e8..8c1de99 100644
--- a/sys/dev/random/yarrow.c
+++ b/sys/dev/random/yarrow.c
@@ -432,6 +432,7 @@ reseed(u_int fastslow)
 void
 random_yarrow_read(uint8_t *buf, u_int bytecount)
 {
+	uint8_t tbuf[BLOCKSIZE];
 	u_int blockcount, i;
 
 	/* Check for initial/final read requests */
@@ -448,8 +449,15 @@ random_yarrow_read(uint8_t *buf, u_int bytecount)
 			yarrow_state.outputblocks = 0;
 		}
 		uint128_increment(&yarrow_state.counter.whole);
-		randomdev_encrypt(&yarrow_state.key, yarrow_state.counter.byte, buf, BLOCKSIZE);
-		buf += BLOCKSIZE;
+		if ((i + 1) * BLOCKSIZE > bytecount) {
+			randomdev_encrypt(&yarrow_state.key,
+			    yarrow_state.counter.byte, tbuf, BLOCKSIZE);
+			memcpy(buf, tbuf, bytecount - i * BLOCKSIZE);
+		} else {
+			randomdev_encrypt(&yarrow_state.key,
+			    yarrow_state.counter.byte, buf, BLOCKSIZE);
+			buf += BLOCKSIZE;
+		}
 	}
 
 	mtx_unlock(&random_reseed_mtx);
author	jmg <jmg@FreeBSD.org>	2015-02-17 23:14:26 +0000
committer	jmg <jmg@FreeBSD.org>	2015-02-17 23:14:26 +0000
commit	22133d08e1c34ad67eca423dfda411921408745d (patch)
tree	a181eaedeac3c390e90a897278d9a269435c3474
parent	e0f41bfbfbd0f70be8370a9117257748ce576169 (diff)
download	FreeBSD-src-22133d08e1c34ad67eca423dfda411921408745d.zip FreeBSD-src-22133d08e1c34ad67eca423dfda411921408745d.tar.gz