From: jsing <jsing@openbsd.org>
Date: Mon, 12 Jun 2017 15:15:08 +0000 (+0000)
Subject: Fix another long standing softraid crypto bug where if all 32 keys are in
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=f6a8865d24620b33b0409091781aae518f5a3b85;p=openbsd

Fix another long standing softraid crypto bug where if all 32 keys are in
use, when freeing crypto sessions we run straight off the end of the array
and start blatting memory - clearly no one has a softraid crypto volume
that exceeds 15.5TB in size...
---

diff --git a/sys/dev/softraid_crypto.c b/sys/dev/softraid_crypto.c
index f170914a2dd..1994300fec1 100644
--- a/sys/dev/softraid_crypto.c
+++ b/sys/dev/softraid_crypto.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: softraid_crypto.c,v 1.135 2017/06/12 15:09:07 jsing Exp $ */
+/* $OpenBSD: softraid_crypto.c,v 1.136 2017/06/12 15:15:08 jsing Exp $ */
 /*
  * Copyright (c) 2007 Marco Peereboom <marco@peereboom.us>
  * Copyright (c) 2008 Hans-Joerg Hoexer <hshoexer@openbsd.org>
@@ -893,9 +893,11 @@ sr_crypto_free_sessions(struct sr_discipline *sd)
 {
 	u_int			i;
 
-	for (i = 0; sd->mds.mdd_crypto.scr_sid[i] != (u_int64_t)-1; i++) {
-		crypto_freesession(sd->mds.mdd_crypto.scr_sid[i]);
-		sd->mds.mdd_crypto.scr_sid[i] = (u_int64_t)-1;
+	for (i = 0; i < SR_CRYPTO_MAXKEYS; i++) {
+		if (sd->mds.mdd_crypto.scr_sid[i] != (u_int64_t)-1) {
+			crypto_freesession(sd->mds.mdd_crypto.scr_sid[i]);
+			sd->mds.mdd_crypto.scr_sid[i] = (u_int64_t)-1;
+		}
 	}
 }