lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Sun, 22 Jul 2018 06:08:47 +0000
From:   Vakul Garg <vakul.garg@....com>
To:     "netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Query about tls patch

Hi 

I got a query reading patch https://patchwork.ozlabs.org/patch/943442/ (already merged).

[PATCH]: tls: Fix zerocopy_from_iter iov handling

In tls_sw_sendmsg(), if zerocopy_from_iter() fails, we go to fallback_to_reg_send.
Here we first call iov_iter_revert(). But the iov_iter_advance  didn't happen in first place.

Similarly, in zerocopy_from_iter(), if 'revert' is passed as 'true', iov_iter_revert() is called even if iov_iter_advance() never happened (case of error return).

In tls_sw_recvmsg() flow, the iov_iter_revert() is always triggered. 
With revert happening, I am missing the point how the case where multiple records are decrypted into user space buffer with one invocation of 'recvmsg()' happens?
It seems that successively dequeued tls records would get decrypted at same location in the output buffer and keep overwriting the previous one.

Regards

Vakul

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ