mirror of
				https://git.proxmox.com/git/mirror_zfs.git
				synced 2025-10-25 17:35:00 +03:00 
			
		
		
		
	|  54c8366e39 In gcm_mode_decrypt_contiguous_blocks(), if vmem_alloc() fails, bcopy is called with a NULL pointer destination and a length > 0. This results in undefined behavior. Further ctx->gcm_pt_buf is freed but not set to NULL, leading to a potential write after free and a double free due to missing return value handling in crypto_update_uio(). The code as is may write to ctx->gcm_pt_buf in gcm_decrypt_final() and may free ctx->gcm_pt_buf again in aes_decrypt_atomic(). The fix is to slightly rework error handling and check the return value in crypto_update_uio(). Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Tom Caputi <tcaputi@datto.com> Reviewed-by: Kjeld Schouten <kjeld@schouten-lebbing.nl> Signed-off-by: Attila Fülöp <attila@fueloep.org> Closes #9659 | ||
|---|---|---|
| .. | ||
| algs | ||
| api | ||
| asm-x86_64 | ||
| core | ||
| include | ||
| io | ||
| os | ||
| spi | ||
| illumos-crypto.c | ||
| Makefile.in | ||