mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-15 12:54:27 +00:00
Add stricter checking on mac key lengths.
Negative lengths are always invalid. The key length should also be zero for hash algorithms that do not accept a key. admbugs: 949 Reported by: Yuval Kanarenstein <yuvalk@ssd-disclosure.com> Reviewed by: cem MFC after: 1 week Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D23094
This commit is contained in:
parent
dea247463c
commit
5ac518b51f
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=356561
|
@ -585,8 +585,8 @@ cryptof_ioctl(
|
|||
if (thash) {
|
||||
cria.cri_alg = thash->type;
|
||||
cria.cri_klen = sop->mackeylen * 8;
|
||||
if (thash->keysize != 0 &&
|
||||
sop->mackeylen > thash->keysize) {
|
||||
if (sop->mackeylen > thash->keysize ||
|
||||
sop->mackeylen < 0) {
|
||||
CRYPTDEB("invalid mac key length");
|
||||
error = EINVAL;
|
||||
SDT_PROBE1(opencrypto, dev, ioctl, error,
|
||||
|
|
Loading…
Reference in a new issue