| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20180117.161637.1204847813257765450.davem@davemloft.net>
Date: Wed, 17 Jan 2018 16:16:37 -0500 (EST)
From: David Miller <davem@...emloft.net>
To: sd@...asysnail.net
Cc: netdev@...r.kernel.org, borisp@...lanox.com, ilyal@...lanox.com,
aviadye@...lanox.com, davejwatson@...com
Subject: Re: [PATCH net 3/3] tls: reset crypto_info when
do_tls_setsockopt_tx fails
From: Sabrina Dubroca <sd@...asysnail.net>
Date: Tue, 16 Jan 2018 16:04:28 +0100
> The current code copies directly from userspace to ctx->crypto_send, but
> doesn't always reinitialize it to 0 on failure. This causes any
> subsequent attempt to use this setsockopt to fail because of the
> TLS_CRYPTO_INFO_READY check, eventhough crypto_info is not actually
> ready.
>
> This should result in a correctly set up socket after the 3rd call, but
> currently it does not:
>
> size_t s = sizeof(struct tls12_crypto_info_aes_gcm_128);
> struct tls12_crypto_info_aes_gcm_128 crypto_good = {
> .info.version = TLS_1_2_VERSION,
> .info.cipher_type = TLS_CIPHER_AES_GCM_128,
> };
>
> struct tls12_crypto_info_aes_gcm_128 crypto_bad_type = crypto_good;
> crypto_bad_type.info.cipher_type = 42;
>
> setsockopt(sock, SOL_TLS, TLS_TX, &crypto_bad_type, s);
> setsockopt(sock, SOL_TLS, TLS_TX, &crypto_good, s - 1);
> setsockopt(sock, SOL_TLS, TLS_TX, &crypto_good, s);
>
> Fixes: 3c4d7559159b ("tls: kernel TLS support")
> Signed-off-by: Sabrina Dubroca <sd@...asysnail.net>
Applied.
Powered by blists - more mailing lists