authorKonstantin Belousov <kib@FreeBSD.org>2007-10-08 20:08:34 +0000
committerKonstantin Belousov <kib@FreeBSD.org>2007-10-08 20:08:34 +0000
commit1649bbbb94899fbdf2aace982f2091fe1bea4677 (patch)
tree3826e32a5984f757d9e1328fbe423e3fcf0e449e
parenta8efe9e273c6b4d909a0dc5fa058d54587bdf52a (diff)
Deny attempt to malloc unbounded amount of the memory.
Convert malloc()/bzero() to malloc(M_ZERO).

Obtained from: OpenBSD
MFC after: 3 days
Approved by: re (kensmith)
Notes
Notes: svn path=/head/; revision=172474
-rw-r--r--sys/opencrypto/cryptodev.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/sys/opencrypto/cryptodev.c b/sys/opencrypto/cryptodev.c
index 03071e0181c4..a940a3cd1913 100644
--- a/sys/opencrypto/cryptodev.c
+++ b/sys/opencrypto/cryptodev.c
@@ -590,10 +590,9 @@ cryptodev_key(struct crypt_kop *kop)
return (EINVAL);
}
- krp = (struct cryptkop *)malloc(sizeof *krp, M_XDATA, M_WAITOK);
+ krp = (struct cryptkop *)malloc(sizeof *krp, M_XDATA, M_WAITOK|M_ZERO);
if (!krp)
return (ENOMEM);
- bzero(krp, sizeof *krp);
krp->krp_op = kop->crk_op;
krp->krp_status = kop->crk_status;
krp->krp_iparams = kop->crk_iparams;
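Review bot: The `if (!krp) return (ENOMEM);` test left under the changed call can never fire, because a malloc(9) request made with `M_WAITOK` sleeps until it is satisfied instead of returning NULL. Dropping the dead test would make it clear that allocation failure is not a path this function handles. The `(struct cryptkop *)` cast on the result is also unnecessary in C. cryptodev_key's body starts and ends outside the hunk.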
@@ -602,8 +601,12 @@ cryptodev_key(struct crypt_kop *kop)
krp->krp_status = 0;
krp->krp_callback = (int (*) (struct cryptkop *)) cryptodevkey_cb;
- for (i = 0; i < CRK_MAXPARAM; i++)
+ for (i = 0; i < CRK_MAXPARAM; i++) {
+ if (kop->crk_param[i].crp_nbits > 65536)
+ /* Limit is the same as in OpenBSD */
+ goto fail;
krp->krp_param[i].crp_nbits = kop->crk_param[i].crp_nbits;
+ }
for (i = 0; i < krp->krp_iparams + krp->krp_oparams; i++) {
size = (krp->krp_param[i].crp_nbits + 7) / 8;
if (size == 0)
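Review bot: An oversized `crp_nbits` leaves the first loop via `goto fail;` with no error code assigned in the visible lines, so what the ioctl caller gets back depends on the return variable's value at that point, which is set outside the hunk. Assign the code explicitly just before the jump so the rejection cannot turn into a success return if that initialisation ever changes. The comment wedged between the unbraced `if` and `goto fail;` is easy to break with a later edit; brace the body and move the comment above the test, e.g. `/* Same limit as OpenBSD: bounds the size computed below. */`. The test also rejects only large values: if `crp_nbits` is declared signed (its type is not shown here), a negative count would pass and should be refused as well. cryptodev_key's body starts and ends outside the hunk.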