author | pjd <pjd@FreeBSD.org> | 2005-08-18 11:58:03 +0000 |
---|---|---|
committer | pjd <pjd@FreeBSD.org> | 2005-08-18 11:58:03 +0000 |
commit | 1a4683ef596488b888df309fbc94d247aed637aa (patch) | |
tree | a426bf14ae6dd3b75fc71b0f6db37facddabb2ea /sys/opencrypto/cryptodev.c | |
parent | 8b915afa8a2e89bd421d31b0a375d04fcf37edaa (diff) | |
Fix bogus check. It was possible to panic the kernel by giving 0 length.
This is actually a local DoS, as every user can use /dev/crypto if there
is crypto hardware in the system and cryptodev.ko is loaded (or compiled
into the kernel).
Reported by: Mike Tancsa <mike@sentex.net>
MFC after: 1 day
Diffstat (limited to 'sys/opencrypto/cryptodev.c')
-rw-r--r-- | sys/opencrypto/cryptodev.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/sys/opencrypto/cryptodev.c b/sys/opencrypto/cryptodev.c
index 1a33fc0..e0b779d 100644
--- a/sys/opencrypto/cryptodev.c
+++ b/sys/opencrypto/cryptodev.c
@@ -336,8 +336,10 @@ cryptodev_op(
 if (cop->len > 256*1024-4)
 return (E2BIG);
- if (cse->txform && (cop->len % cse->txform->blocksize) != 0)
- return (EINVAL);
+ if (cse->txform) {
+ if (cop->len == 0 || (cop->len % cse->txform->blocksize) != 0)
+ return (EINVAL);
+ }
 cse->uio.uio_iov = &cse->iovec;
 cse->uio.uio_iovcnt = 1;
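Review bot: The added `cop->len == 0` test sits inside `if (cse->txform)`, so a request on a session with no cipher transform still carries a zero length into the uio setup that follows. Whether that path copes with an empty buffer is not visible here, because cryptodev_op's body starts and ends outside the hunk. Since the commit message says every local user can reach /dev/crypto, it is worth confirming. If zero-length hash-only requests are meant to be accepted, record that with a comment above the check, for example `/* len 0 is rejected for ciphers only; hash-only sessions (txform == NULL) may pass an empty buffer */`. If they are not, move the test up beside the `E2BIG` bound as `if (cop->len == 0) return (EINVAL);` so that both length limits are enforced in one place.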