Hi -security,

I work at EMC Isilon and one of our developers has found a race in opencrypto and provided the attached patch to address it.

The situation as explained to me is that the crypto request queue and dequeue operate under CRYPTO_Q_LOCK, along with crypto_invoke and thus crypto processing. Meanwhile crypto_newsession (and thus all driver new session calls) operates under CRYPTO_DRIVER_LOCK. This leads to a situation where resizing of the swcr_sessions array in swcr_newsession can interfere with the use of that array in swcr_process.

The attached patch protects the swcr_sessions array with a new rwlock.

Could somebody give this a look over and let me know if it's committable roughly as is or needs some work?

Cheers,
Benno.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch-117508.3
Type: application/octet-stream
Size: 3808 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20140115/64997980/attachment.obj>