mirror of
https://git.proxmox.com/git/mirror_zfs.git
synced 2025-01-26 18:04:22 +03:00
Fix bounds check in zio_crypt_do_objset_hmacs
The current bounds check in zio_crypt_do_objset_hmacs() does not properly handle the possible sizes of the objset_phys_t and can therefore read outside the buffer's memory. If that memory happened to match what the check was actually looking for, the objset would fail to be owned, complaining that the MAC was invalid. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Tom Caputi <tcaputi@datto.com> Closes #7210
This commit is contained in:
parent
09302a4ca8
commit
f8478fc2ca
@ -1196,13 +1196,17 @@ zio_crypt_do_objset_hmacs(zio_crypt_key_t *key, void *data, uint_t datalen,
|
||||
bcopy(raw_portable_mac, portable_mac, ZIO_OBJSET_MAC_LEN);
|
||||
|
||||
/*
|
||||
* The local MAC protects the user and group accounting. If these
|
||||
* objects are not present, the local MAC is zeroed out.
|
||||
* The local MAC protects the user, group and project accounting.
|
||||
* If these objects are not present, the local MAC is zeroed out.
|
||||
*/
|
||||
if (datalen >= OBJSET_PHYS_SIZE_V2 &&
|
||||
if ((datalen >= OBJSET_PHYS_SIZE_V3 &&
|
||||
osp->os_userused_dnode.dn_type == DMU_OT_NONE &&
|
||||
osp->os_groupused_dnode.dn_type == DMU_OT_NONE &&
|
||||
osp->os_projectused_dnode.dn_type == DMU_OT_NONE) {
|
||||
osp->os_projectused_dnode.dn_type == DMU_OT_NONE) ||
|
||||
(datalen >= OBJSET_PHYS_SIZE_V2 &&
|
||||
osp->os_userused_dnode.dn_type == DMU_OT_NONE &&
|
||||
osp->os_groupused_dnode.dn_type == DMU_OT_NONE) ||
|
||||
(datalen <= OBJSET_PHYS_SIZE_V1)) {
|
||||
bzero(local_mac, ZIO_OBJSET_MAC_LEN);
|
||||
return (0);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user