| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 20 Apr 2019 20:39:00 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: jakub.kicinski@...ronome.com
Cc: netdev@...r.kernel.org, oss-drivers@...ronome.com,
alexei.starovoitov@...il.com, davejwatson@...com,
borisp@...lanox.com, aviadye@...lanox.com,
dirk.vandermerwe@...ronome.com
Subject: Re: [PATCH net] net/tls: don't leak IV and record seq when offload
fails
From: Jakub Kicinski <jakub.kicinski@...ronome.com>
Date: Fri, 19 Apr 2019 16:52:19 -0700
> When device refuses the offload in tls_set_device_offload_rx()
> it calls tls_sw_free_resources_rx() to clean up software context
> state.
>
> Unfortunately, tls_sw_free_resources_rx() does not free all
> the state tls_set_sw_offload() allocated - it leaks IV and
> sequence number buffers. All other code paths which lead to
> tls_sw_release_resources_rx() (which tls_sw_free_resources_rx()
> calls) free those right before the call.
>
> Avoid the leak by moving freeing of iv and rec_seq into
> tls_sw_release_resources_rx().
>
> Fixes: 4799ac81e52a ("tls: Add rx inline crypto offload")
> Signed-off-by: Jakub Kicinski <jakub.kicinski@...ronome.com>
> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@...ronome.com>
Also applied and queued up for -stable, thanks.
Powered by blists - more mailing lists