[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZUAmyb44sy309V6H@urola>
Date: Mon, 30 Oct 2023 14:57:29 -0700
From: Frederik Deweerdt <deweerdt.lkml@...il.com>
To: kuba@...nel.org
Cc: linux-kernel@...r.kernel.org
Subject: [PATCH] [RFC] Add missing NULL check in `tls_strp_check_queue_ok`
Hi!
We see `tls_strp_check_queue_ok` running into a NULL deref when
evaluating `TCP_SKB_CB(skb)->seq`.
This commit attempts to address the issue by exiting the loop if
skb->next is NULL, and has proven stable under load.
That said i don't understand the code enough to convince myself that
the NULL check is indeed required, and i would be happy gather data if
that's useful.
Signed-off-by: Frederik Deweerdt <deweerdt.lkml@...il.com>
---
net/tls/tls_strp.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/tls/tls_strp.c b/net/tls/tls_strp.c
index ca1e0e198ceb..cabac0db6445 100644
--- a/net/tls/tls_strp.c
+++ b/net/tls/tls_strp.c
@@ -441,6 +441,8 @@ static bool tls_strp_check_queue_ok(struct tls_strparser *strp)
len -= skb->len;
skb = skb->next;
+ if (!skb)
+ return false;
if (TCP_SKB_CB(skb)->seq != seq)
return false;
if (skb_cmp_decrypted(first, skb))
--
2.42.0
Powered by blists - more mailing lists