mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2025-01-01 00:18:15 +01:00
After crypto_dispatch() bio might be already delivered and destroyed,
so we cannot access it anymore. Setting an error later lead to memory corruption. Assert that crypto_dispatch() was successful. It can fail only if we pass a bogus crypto request, which is a bug in the program, not a runtime condition. PR: 199705 Submitted by: luke.tw Reviewed by: emaste MFC after: 3 days
This commit is contained in:
parent
3c790178c5
commit
5ee9ea19fe
@ -408,8 +408,8 @@ g_eli_auth_run(struct g_eli_worker *wr, struct bio *bp)
|
||||
struct cryptodesc *crde, *crda;
|
||||
u_int i, lsec, nsec, data_secsize, decr_secsize, encr_secsize;
|
||||
off_t dstoff;
|
||||
int err, error;
|
||||
u_char *p, *data, *auth, *authkey, *plaindata;
|
||||
int error;
|
||||
|
||||
G_ELI_LOGREQ(3, bp, "%s", __func__);
|
||||
|
||||
@ -451,7 +451,6 @@ g_eli_auth_run(struct g_eli_worker *wr, struct bio *bp)
|
||||
bp->bio_inbed = 0;
|
||||
bp->bio_children = nsec;
|
||||
|
||||
error = 0;
|
||||
for (i = 1; i <= nsec; i++, dstoff += encr_secsize) {
|
||||
crp = (struct cryptop *)p; p += sizeof(*crp);
|
||||
crde = (struct cryptodesc *)p; p += sizeof(*crde);
|
||||
@ -519,10 +518,8 @@ g_eli_auth_run(struct g_eli_worker *wr, struct bio *bp)
|
||||
crda->crd_klen = G_ELI_AUTH_SECKEYLEN * 8;
|
||||
|
||||
crp->crp_etype = 0;
|
||||
err = crypto_dispatch(crp);
|
||||
if (err != 0 && error == 0)
|
||||
error = err;
|
||||
error = crypto_dispatch(crp);
|
||||
KASSERT(error == 0, ("crypto_dispatch() failed (error=%d)",
|
||||
error));
|
||||
}
|
||||
if (bp->bio_error == 0)
|
||||
bp->bio_error = error;
|
||||
}
|
||||
|
@ -230,10 +230,10 @@ g_eli_crypto_run(struct g_eli_worker *wr, struct bio *bp)
|
||||
struct cryptop *crp;
|
||||
struct cryptodesc *crd;
|
||||
u_int i, nsec, secsize;
|
||||
int err, error;
|
||||
off_t dstoff;
|
||||
size_t size;
|
||||
u_char *p, *data;
|
||||
int error;
|
||||
|
||||
G_ELI_LOGREQ(3, bp, "%s", __func__);
|
||||
|
||||
@ -271,7 +271,6 @@ g_eli_crypto_run(struct g_eli_worker *wr, struct bio *bp)
|
||||
bcopy(bp->bio_data, data, bp->bio_length);
|
||||
}
|
||||
|
||||
error = 0;
|
||||
for (i = 0, dstoff = bp->bio_offset; i < nsec; i++, dstoff += secsize) {
|
||||
crp = (struct cryptop *)p; p += sizeof(*crp);
|
||||
crd = (struct cryptodesc *)p; p += sizeof(*crd);
|
||||
@ -308,10 +307,8 @@ g_eli_crypto_run(struct g_eli_worker *wr, struct bio *bp)
|
||||
crd->crd_next = NULL;
|
||||
|
||||
crp->crp_etype = 0;
|
||||
err = crypto_dispatch(crp);
|
||||
if (error == 0)
|
||||
error = err;
|
||||
error = crypto_dispatch(crp);
|
||||
KASSERT(error == 0, ("crypto_dispatch() failed (error=%d)",
|
||||
error));
|
||||
}
|
||||
if (bp->bio_error == 0)
|
||||
bp->bio_error = error;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user