From: jsing
Date: Mon, 12 Jun 2017 16:39:51 +0000 (+0000)
Subject: Limit the maximum size of softraid crypto volumes that can be created to
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=4fe5a5deb319db7fe86b4f2cdc52c5b6e9aad276;p=openbsd

Limit the maximum size of softraid crypto volumes that can be created to the size that is currently supported (a data area of 16TB, or 2^32 * 32 + 528 blocks including the softraid metadata/boot area), rather than successfully creating the volume and then failing during resource allocation (without properly reporting why it failed). Found the hard way by sharon s.
---
diff --git a/sys/dev/softraid_crypto.c b/sys/dev/softraid_crypto.c
index 1994300fec1..5145caa6e2d 100644
--- a/sys/dev/softraid_crypto.c
+++ b/sys/dev/softraid_crypto.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: softraid_crypto.c,v 1.136 2017/06/12 15:15:08 jsing Exp $ */
+/* $OpenBSD: softraid_crypto.c,v 1.137 2017/06/12 16:39:51 jsing Exp $ */
 /*
  * Copyright (c) 2007 Marco Peereboom
  * Copyright (c) 2008 Hans-Joerg Hoexer
@@ -137,7 +137,13 @@ sr_crypto_create(struct sr_discipline *sd, struct bioc_createraid *bc,
 		sr_error(sd->sd_sc, "%s requires exactly one chunk",
 		    sd->sd_name);
 		goto done;
-	}
+	}
+
+	if (coerced_size > SR_CRYPTO_MAXSIZE) {
+		sr_error(sd->sd_sc, "%s exceeds maximum size (%lli > %llu)",
+		    sd->sd_name, coerced_size, SR_CRYPTO_MAXSIZE);
+		goto done;
+	}
 
 	/* Create crypto optional metadata. */
 	omi = malloc(sizeof(struct sr_meta_opt_item), M_DEVBUF,
diff --git a/sys/dev/softraidvar.h b/sys/dev/softraidvar.h
index 84451149aff..935d868e2eb 100644
--- a/sys/dev/softraidvar.h
+++ b/sys/dev/softraidvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: softraidvar.h,v 1.166 2016/12/24 22:49:38 yasuoka Exp $ */
+/* $OpenBSD: softraidvar.h,v 1.167 2017/06/12 16:39:51 jsing Exp $ */
 /*
  * Copyright (c) 2006 Marco Peereboom
  * Copyright (c) 2008 Chris Kuethe
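Review bot: The new size check in sr_crypto_create compares `coerced_size`, which the format string prints with `%lli` and is therefore signed, against the unsigned `SR_CRYPTO_MAXSIZE`, so the comparison is performed in unsigned arithmetic; a negative `coerced_size` would be rejected with the misleading "exceeds maximum size" text, and unless the caller already guarantees a positive size a separate `if (coerced_size <= 0)` guard with its own message would be clearer. The bound is also only enforced on the create path; if the data size of an existing volume is read back from on-disk metadata elsewhere (assemble), the same limit presumably needs to apply there as well, otherwise the resource-allocation failure the commit message describes can still be reached from pre-existing or crafted metadata — I cannot confirm that from this hunk. A one-line comment on the check would help future readers, e.g. `/* Per-volume key schedule covers SR_CRYPTO_MAXKEYS * 2^SR_CRYPTO_KEY_BLKSHIFT blocks (16TB). */`. sr_crypto_create starts and ends outside the hunk.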
@@ -37,6 +37,8 @@
 #define SR_CRYPTO_KDFHINTBYTES 256 /* size of opaque KDF hint */
 #define SR_CRYPTO_CHECKBYTES 64 /* size of generic key chksum struct */
 #define SR_CRYPTO_KEY_BLKSHIFT 30 /* 0.5TB per key */
+#define SR_CRYPTO_KEY_BLKSIZE (1ULL << SR_CRYPTO_KEY_BLKSHIFT)
+#define SR_CRYPTO_MAXSIZE (SR_CRYPTO_KEY_BLKSIZE * SR_CRYPTO_MAXKEYS)
 
 /*
  * sr_crypto_genkdf is a generic hint for the KDF performed in userland and
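Review bot: The two new macros in softraidvar.h carry no comment, while every neighbouring define documents its meaning, and a reader has to reconstruct from the caller that SR_CRYPTO_MAXSIZE is a block count rather than a byte count. I would annotate them in the same style as the surrounding lines, e.g. `#define SR_CRYPTO_KEY_BLKSIZE (1ULL << SR_CRYPTO_KEY_BLKSHIFT) /* blocks covered by one key */` and `#define SR_CRYPTO_MAXSIZE (SR_CRYPTO_KEY_BLKSIZE * SR_CRYPTO_MAXKEYS) /* max data area in blocks */`. SR_CRYPTO_MAXKEYS is defined outside this hunk; because the shift uses `1ULL` the product is evaluated as unsigned long long and cannot overflow for any plausible key count, so the units comment is the part that matters. The 16TB figure comes from the commit message and assumes 512-byte blocks, which I cannot verify from what is shown.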