author | Konstantin Belousov <kib@FreeBSD.org> | 2007-10-08 20:08:34 +0000 |
---|---|---|
committer | Konstantin Belousov <kib@FreeBSD.org> | 2007-10-08 20:08:34 +0000 |
commit | 1649bbbb94899fbdf2aace982f2091fe1bea4677 (patch) | |
tree | 3826e32a5984f757d9e1328fbe423e3fcf0e449e | |
parent | a8efe9e273c6b4d909a0dc5fa058d54587bdf52a (diff) | |
Deny attempt to malloc unbounded amount of the memory.
Convert malloc()/bzero() to malloc(M_ZERO).
Obtained from: OpenBSD
MFC after: 3 days
Approved by: re (kensmith)
Notes
Notes:
svn path=/head/; revision=172474
-rw-r--r-- | sys/opencrypto/cryptodev.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/sys/opencrypto/cryptodev.c b/sys/opencrypto/cryptodev.c
index 03071e0181c4..a940a3cd1913 100644
--- a/sys/opencrypto/cryptodev.c
+++ b/sys/opencrypto/cryptodev.c
@@ -590,10 +590,9 @@ cryptodev_key(struct crypt_kop *kop)
 return (EINVAL);
 }
- krp = (struct cryptkop *)malloc(sizeof *krp, M_XDATA, M_WAITOK);
+ krp = (struct cryptkop *)malloc(sizeof *krp, M_XDATA, M_WAITOK|M_ZERO);
 if (!krp)
 return (ENOMEM);
- bzero(krp, sizeof *krp);
 krp->krp_op = kop->crk_op;
 krp->krp_status = kop->crk_status;
 krp->krp_iparams = kop->crk_iparams;
@@ -602,8 +601,12 @@ cryptodev_key(struct crypt_kop *kop)
 krp->krp_status = 0;
 krp->krp_callback = (int (*) (struct cryptkop *)) cryptodevkey_cb;
- for (i = 0; i < CRK_MAXPARAM; i++)
+ for (i = 0; i < CRK_MAXPARAM; i++) {
+ if (kop->crk_param[i].crp_nbits > 65536)
+ /* Limit is the same as in OpenBSD */
+ goto fail;
 krp->krp_param[i].crp_nbits = kop->crk_param[i].crp_nbits;
+ }
 for (i = 0; i < krp->krp_iparams + krp->krp_oparams; i++) {
 size = (krp->krp_param[i].crp_nbits + 7) / 8;
 if (size == 0) |
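Review bot: The `if (!krp) return (ENOMEM);` test kept under the rewritten allocation in the first hunk is dead code, because FreeBSD's malloc(9) sleeps instead of returning NULL when M_WAITOK is passed; the cast is likewise unnecessary in C. The line could read `krp = malloc(sizeof *krp, M_XDATA, M_WAITOK | M_ZERO);` with the NULL test dropped. Zeroing at allocation is the right call here, since the second hunk adds an early `goto fail` and any cleanup there presumably walks `krp_param[]` before the pointers are filled in, but that cleanup is outside the visible lines. cryptodev_key's body starts and ends outside the hunk.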
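Review bot: The rejection path added inside the `for (i = 0; i < CRK_MAXPARAM; i++)` loop in the second hunk jumps to `fail` without setting an error value in the visible lines, so what userland sees for an oversized `crp_nbits` depends on state set outside this hunk; it is worth confirming that this is EINVAL and not 0 or a stale status. The check also runs over every slot up to CRK_MAXPARAM, not only the `krp_iparams + krp_oparams` entries the following loop sizes, so a caller that leaves unused slots uninitialised can be rejected; if that is intended, the comment should say so. I would move the comment above the unbraced `if` and state the unit, e.g. `/* Reject crp_nbits above 65536 bits (8 KiB per parameter); same limit as OpenBSD. */`, so that `goto fail;` is visibly the only statement under the condition. cryptodev_key's body starts and ends outside the hunk.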