| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 Nov 2019 22:44:13 -0800 (PST)
From: David Miller <davem@...emloft.net>
To: jakub.kicinski@...ronome.com
Cc: john.fastabend@...il.com, netdev@...r.kernel.org,
oss-drivers@...ronome.com, borisp@...lanox.com,
aviadye@...lanox.com, daniel@...earbox.net
Subject: Re: [PATCH net 0/8] net: tls: fix scatter-gather list issues
From: Jakub Kicinski <jakub.kicinski@...ronome.com>
Date: Wed, 27 Nov 2019 12:16:38 -0800
> This series kicked of by a syzbot report fixes three issues around
> scatter gather handling in the TLS code. First patch fixes a use-
> -after-free situation which may occur if record was freed on error.
> This could have already happened in BPF paths, and patch 2 now makes
> the same condition occur in non-BPF code.
>
> Patch 2 fixes the problem spotted by syzbot. If encryption failed
> we have to clean the end markings from scatter gather list. As
> suggested by John the patch frees the record entirely and caller
> may retry copying data from user space buffer again.
>
> Third patch fixes a bug in the TLS 1.3 code spotted while working
> on patch 2. TLS 1.3 may effectively overflow the SG list which
> leads to the BUG() in sg_page() being triggered.
>
> Patch 4 adds a test case which triggers this bug reliably.
>
> Next two patches are small cleanups of dead code and code which
> makes dangerous assumptions.
>
> Last but not least two minor improvements to the sockmap tests.
...
Series applied and queued up for -stable, thanks Jakub.
Powered by blists - more mailing lists