Attila Fülöp 54c8366e39 ICP: Fix null pointer dereference and use after free ... In gcm_mode_decrypt_contiguous_blocks(), if vmem_alloc() fails, bcopy is called with a NULL pointer destination and a length > 0. This results in undefined behavior. Further ctx->gcm_pt_buf is freed but not set to NULL, leading to a potential write after free and a double free due to missing return value handling in crypto_update_uio(). The code as is may write to ctx->gcm_pt_buf in gcm_decrypt_final() and may free ctx->gcm_pt_buf again in aes_decrypt_atomic(). The fix is to slightly rework error handling and check the return value in crypto_update_uio(). Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Tom Caputi <tcaputi@datto.com> Reviewed-by: Kjeld Schouten <kjeld@schouten-lebbing.nl> Signed-off-by: Attila Fülöp <attila@fueloep.org> Closes #9659		2019-12-03 10:28:47 -08:00
..
avl	Wrap Linux module macros	2019-11-01 10:41:03 -07:00
icp	ICP: Fix null pointer dereference and use after free	2019-12-03 10:28:47 -08:00
lua	Move linux qsort def to platform header	2019-12-03 09:49:40 -08:00
nvpair	Restructure nvlist_nv_alloc to work on FreeBSD	2019-11-30 15:45:06 -08:00
os	Move zfs_cmd_t copyin/copyout to platform code	2019-12-02 10:08:27 -08:00
spl	OpenZFS restructuring - move platform specific sources	2019-09-06 11:26:26 -07:00
unicode	Wrap Linux module macros	2019-11-01 10:41:03 -07:00
zcommon	Increase allowed 'special_small_blocks' maximum value	2019-12-03 09:58:03 -08:00
zfs	Fix use-after-free in case of L2ARC prefetch failure	2019-12-03 09:59:30 -08:00
.gitignore	Adapt gitignore for modules	2019-12-02 13:23:47 -08:00
Makefile.in	module/Makefile.in: don't run xargs if empty	2019-10-08 10:10:23 -07:00