| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190409005950.7804-1-jakub.kicinski@netronome.com>
Date: Mon, 8 Apr 2019 17:59:50 -0700
From: Jakub Kicinski <jakub.kicinski@...ronome.com>
To: davem@...emloft.net
Cc: oss-drivers@...ronome.com, netdev@...r.kernel.org,
alexei.starovoitov@...il.com,
Jakub Kicinski <jakub.kicinski@...ronome.com>,
Dirk van der Merwe <dirk.vandermerwe@...ronome.com>,
Simon Horman <simon.horman@...ronome.com>
Subject: [PATCH net] net/tls: prevent bad memory access in tls_is_sk_tx_device_offloaded()
Unlike '&&' operator, the '&' does not have short-circuit
evaluation semantics. IOW both sides of the operator always
get evaluated. Fix the wrong operator in
tls_is_sk_tx_device_offloaded(), which would lead to
out-of-bounds access for for non-full sockets.
Fixes: 4799ac81e52a ("tls: Add rx inline crypto offload")
Signed-off-by: Jakub Kicinski <jakub.kicinski@...ronome.com>
Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@...ronome.com>
Reviewed-by: Simon Horman <simon.horman@...ronome.com>
---
include/net/tls.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/net/tls.h b/include/net/tls.h
index a5a938583295..cefc020ffeb4 100644
--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -379,7 +379,7 @@ tls_validate_xmit_skb(struct sock *sk, struct net_device *dev,
static inline bool tls_is_sk_tx_device_offloaded(struct sock *sk)
{
#ifdef CONFIG_SOCK_VALIDATE_XMIT
- return sk_fullsock(sk) &
+ return sk_fullsock(sk) &&
(smp_load_acquire(&sk->sk_validate_xmit_skb) ==
&tls_validate_xmit_skb);
#else
--
2.21.0
Powered by blists - more mailing lists