| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 30 Oct 2023 14:57:29 -0700 From: Frederik Deweerdt <deweerdt.lkml@...il.com> To: kuba@...nel.org Cc: linux-kernel@...r.kernel.org Subject: [PATCH] [RFC] Add missing NULL check in `tls_strp_check_queue_ok` Hi! We see `tls_strp_check_queue_ok` running into a NULL deref when evaluating `TCP_SKB_CB(skb)->seq`. This commit attempts to address the issue by exiting the loop if skb->next is NULL, and has proven stable under load. That said i don't understand the code enough to convince myself that the NULL check is indeed required, and i would be happy gather data if that's useful. Signed-off-by: Frederik Deweerdt <deweerdt.lkml@...il.com> --- net/tls/tls_strp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/tls/tls_strp.c b/net/tls/tls_strp.c index ca1e0e198ceb..cabac0db6445 100644 --- a/net/tls/tls_strp.c +++ b/net/tls/tls_strp.c @@ -441,6 +441,8 @@ static bool tls_strp_check_queue_ok(struct tls_strparser *strp) len -= skb->len; skb = skb->next; + if (!skb) + return false; if (TCP_SKB_CB(skb)->seq != seq) return false; if (skb_cmp_decrypted(first, skb)) -- 2.42.0
Powered by blists - more mailing lists