svn commit: r318245 - stable/11/sys/opencrypto
John Baldwin
jhb at FreeBSD.org
Fri May 12 18:01:06 UTC 2017
Author: jhb
Date: Fri May 12 18:01:05 2017
New Revision: 318245
URL: https://svnweb.freebsd.org/changeset/base/318245
Log:
MFC 316510: Don't leak a session and lock if a GMAC key has an invalid length.
Modified:
stable/11/sys/opencrypto/cryptosoft.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/sys/opencrypto/cryptosoft.c
==============================================================================
--- stable/11/sys/opencrypto/cryptosoft.c Fri May 12 17:40:34 2017 (r318244)
+++ stable/11/sys/opencrypto/cryptosoft.c Fri May 12 18:01:05 2017 (r318245)
@@ -930,8 +930,11 @@ swcr_newsession(device_t dev, u_int32_t
axf = &auth_hash_nist_gmac_aes_256;
auth4common:
len = cri->cri_klen / 8;
- if (len != 16 && len != 24 && len != 32)
+ if (len != 16 && len != 24 && len != 32) {
+ swcr_freesession_locked(dev, i);
+ rw_runlock(&swcr_sessions_lock);
return EINVAL;
+ }
(*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA,
M_NOWAIT);
More information about the svn-src-stable-11
mailing list