Fix another long standing softraid crypto bug where if all 32 keys are in

use, when freeing crypto sessions we run straight off the end of the array
and start blatting memory - clearly no one has a softraid crypto volume
that exceeds 15.5TB in size...

diff --git a/sys/dev/softraid_crypto.c b/sys/dev/softraid_crypto.c
index f170914..1994300 100644 (file)
--- a/sys/dev/softraid_crypto.c
+++ b/sys/dev/softraid_crypto.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: softraid_crypto.c,v 1.135 2017/06/12 15:09:07 jsing Exp $ */
+/* $OpenBSD: softraid_crypto.c,v 1.136 2017/06/12 15:15:08 jsing Exp $ */
 /*
  * Copyright (c) 2007 Marco Peereboom <marco@peereboom.us>
  * Copyright (c) 2008 Hans-Joerg Hoexer <hshoexer@openbsd.org>
@@ -893,9 +893,11 @@ sr_crypto_free_sessions(struct sr_discipline *sd)
 {
        u_int                   i;
 
-       for (i = 0; sd->mds.mdd_crypto.scr_sid[i] != (u_int64_t)-1; i++) {
-               crypto_freesession(sd->mds.mdd_crypto.scr_sid[i]);
-               sd->mds.mdd_crypto.scr_sid[i] = (u_int64_t)-1;
+       for (i = 0; i < SR_CRYPTO_MAXKEYS; i++) {
+               if (sd->mds.mdd_crypto.scr_sid[i] != (u_int64_t)-1) {
+                       crypto_freesession(sd->mds.mdd_crypto.scr_sid[i]);
+                       sd->mds.mdd_crypto.scr_sid[i] = (u_int64_t)-1;
+               }
        }
 }