cryptosoft: Do not exceed crd_len around *crypt_multi

Description

When a caller passes in a uio or mbuf chain that is longer than crd_len, in
tandem with a transform that supports the multi-block interface,
swcr_encdec() would process the entire mbuf or uio instead of just the
portion indicated by crd_len (+ crd_skip).

De/encryption are performed in-place, so this would trash subsequent uio or
mbuf contents.

This was introduced in r331639 (mea culpa). It only affects the
{de,en}crypt_multi() family of interfaces. That interface only has one
consumer transform in-tree (for now): Chacha20.

PR: 227605
Submitted by: Valentin Vergez <valentin.vergez AT stormshield.eu>
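
A simplified model of the overrun this commit message describes, as an added example that is not FreeBSD's code or part of the commit. `struct seg`, `toy_crypt_multi()`, `encdec()` and the sample buffers are constructed for illustration, and the XOR stands in for the cipher.

```c
#include <stdio.h>

/* Constructed stand-in for one uio iovec / mbuf segment (hypothetical type). */
struct seg { unsigned char *base; size_t len; };

/* Toy in-place transform standing in for a multi-block cipher call. */
static void toy_crypt_multi(unsigned char *p, size_t n)
{
    while (n--)
        *p++ ^= 0xFF;
}

/* Skip `skip` bytes, then transform `len` bytes in place across the chain.
 * clamp == 0: each call takes the rest of the current segment (the overrun).
 * clamp != 0: each call is bounded by the bytes still owed.
 * Returns the number of bytes modified. */
static size_t encdec(struct seg *s, size_t nseg, size_t skip, size_t len, int clamp)
{
    size_t touched = 0;
    for (size_t i = 0; i < nseg && len > 0; i++) {
        if (skip >= s[i].len) { skip -= s[i].len; continue; }
        size_t n = s[i].len - skip;
        if (clamp && n > len)
            n = len;
        toy_crypt_multi(s[i].base + skip, n);
        touched += n;
        len -= (n < len) ? n : len;   /* never underflow the remaining count */
        skip = 0;
    }
    return touched;
}

/* Constructed input: 4-byte header, 8-byte payload, 4-byte trailer in two segments. */
static size_t run_demo(int clamp, unsigned char *trailer0)
{
    unsigned char a[6] = { 'H', 'D', 'R', ':', 'p', 'a' };
    unsigned char b[10] = { 'y', 'l', 'o', 'a', 'd', 'X', 'T', 'R', 'L', '!' };
    struct seg chain[2] = { { a, sizeof(a) }, { b, sizeof(b) } };
    size_t touched = encdec(chain, 2, 4, 8, clamp);
    *trailer0 = b[6];   /* first byte past skip + len */
    return touched;
}

int main(void)
{
    unsigned char t;
    for (int clamp = 0; clamp <= 1; clamp++)
        printf("clamp=%d: %zu bytes modified, trailer[0]=0x%02x\n",
               clamp, run_demo(clamp, &t), t);
    return 0;
}
```

Because the transform is in place, the unclamped run leaves the trailer bytes altered even though the caller asked for only 8 bytes after the 4-byte skip.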

Details

Author: cem
Parents: rS332777: MFC r332079: