CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	ngie <ngie@FreeBSD.org>
	Fri, 13 May 2016 08:25:06 +0000 (08:25 +0000)
committer	ngie <ngie@FreeBSD.org>
	Fri, 13 May 2016 08:25:06 +0000 (08:25 +0000)
commit	29310b2c8f33351be0a1fdf7ee237bc3ebc2991d
tree	fd4039ca7dd089b8b2de97635d1fe61ee193ca4f	tree \| snapshot
parent	8d808d7b779a395d962236552309cbafe956a3d2	commit \| diff

MFC r295134,r298338,r298655:

r295134 (by cem):

kcrypto_aes: Use separate sessions for AES and SHA1

Some hardware supports AES acceleration but not SHA1, e.g., AES-NI
extensions. It is useful to have accelerated AES even if SHA1 must be
software.

Suggested by: asomers

r298338 (by cem):

kgssapi(4): Don't allow user-provided arguments to overrun stack buffer

An over-long path argument to gssd_syscall could overrun the stack sockaddr_un
buffer. Fix gssd_syscall to not permit that.

If an over-long path is provided, gssd_syscall now returns EINVAL.

It looks like PRIV_NFS_DAEMON isn't granted anywhere, so my best guess is that
this is likely only triggerable by root.

CID: 1006751

r298655 (by cem):

kgssapi: Don't leak memory in error cases

CIDs: 1007046, 1007047, 1007048

sys/kgssapi/gss_impl.c		diff \| blob \| history
sys/kgssapi/gssd_prot.c		diff \| blob \| history
sys/kgssapi/krb5/kcrypto_aes.c		diff \| blob \| history