From f6a8865d24620b33b0409091781aae518f5a3b85 Mon Sep 17 00:00:00 2001
From: jsing <jsing@openbsd.org>
Date: Mon, 12 Jun 2017 15:15:08 +0000
Subject: [PATCH] Fix another long standing softraid crypto bug where if all 32
 keys are in use, when freeing crypto sessions we run straight off the end of
 the array and start blatting memory - clearly no one has a softraid crypto
 volume that exceeds 15.5TB in size...

---
 sys/dev/softraid_crypto.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/sys/dev/softraid_crypto.c b/sys/dev/softraid_crypto.c
index f170914a2dd..1994300fec1 100644
--- a/sys/dev/softraid_crypto.c
+++ b/sys/dev/softraid_crypto.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: softraid_crypto.c,v 1.135 2017/06/12 15:09:07 jsing Exp $ */
+/* $OpenBSD: softraid_crypto.c,v 1.136 2017/06/12 15:15:08 jsing Exp $ */
 /*
  * Copyright (c) 2007 Marco Peereboom <marco@peereboom.us>
  * Copyright (c) 2008 Hans-Joerg Hoexer <hshoexer@openbsd.org>
@@ -893,9 +893,11 @@ sr_crypto_free_sessions(struct sr_discipline *sd)
 {
 	u_int			i;
 
-	for (i = 0; sd->mds.mdd_crypto.scr_sid[i] != (u_int64_t)-1; i++) {
-		crypto_freesession(sd->mds.mdd_crypto.scr_sid[i]);
-		sd->mds.mdd_crypto.scr_sid[i] = (u_int64_t)-1;
+	for (i = 0; i < SR_CRYPTO_MAXKEYS; i++) {
+		if (sd->mds.mdd_crypto.scr_sid[i] != (u_int64_t)-1) {
+			crypto_freesession(sd->mds.mdd_crypto.scr_sid[i]);
+			sd->mds.mdd_crypto.scr_sid[i] = (u_int64_t)-1;
+		}
 	}
 }
 
-- 
2.20.1