At 12:20 PM 18/08/2005, Pawel Jakub Dawidek wrote:
>+>
>+> It's probably worth a security advisory.
>
>It's only a local DoS on systems with crypto HW and /dev/crypto.
>Note that /dev/crypto is not needed for fast_ipsec(4) with HW
>acceleration, nor for geli(8).
>Workaround is also very simple:
>
>    # chmod 600 /dev/crypto

FYI, I have been running with the patch on a RELENG_4 box and it prevents the DoS

v2# ./a.out -z 10 -t 30
a.out: CIOCCRYPT failed: Invalid argument
v2#

--- cryptodev.c.orig Mon Jul 14 17:21:16 2003 +++ cryptodev.c Thu Aug 18 04:21:29 2005 _at__at_ -314,8 +314,10 _at__at_ if (cop->len > 256*1024-4) return (E2BIG); - if (cse->txform && (cop->len % cse->txform->blocksize) != 0) - return (EINVAL); + if (cse->txform) { + if (cop->len == 0 || (cop->len % cse->txform->blocksize) != 0) + return (EINVAL); + } bzero(&cse->uio, sizeof(cse->uio)); cse->uio.uio_iovcnt = 1;

Any chance to MFC it back to RELENG_4?

---Mike

Received on Fri Aug 19 2005 - 13:24:37 UTC
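
Review bot: the new `cop->len == 0` test sits inside `if (cse->txform)`, so a request on a session without a txform still carries a zero length past this point into the uio setup that follows. If a zero-length request is also unwanted for sessions that have no cipher transform, the length test belongs next to the existing E2BIG check rather than under the txform branch; if it is harmless there, a one-line comment saying why only the cipher path rejects it would save the next reader from asking. The nested `if` can also be written as a single condition, `if (cse->txform && (cop->len == 0 || (cop->len % cse->txform->blocksize) != 0))`, which keeps the diff against the original line smaller.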