| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 12 Feb 2020 12:46:30 +0530 From: Rohit Maheshwari <rohitm@...lsio.com> To: davem@...emloft.net, netdev@...r.kernel.org Cc: linux-crypto@...r.kernel.org, Rohit Maheshwari <rohitm@...lsio.com> Subject: [net] net/tls: Fix to avoid gettig invalid tls record Current code doesn't check if tcp sequence number is starting from (/after) 1st record's start sequnce number. It only checks if seq number is before 1st record's end sequnce number. This problem will always be a possibility in re-transmit case. If a record which belongs to a requested seq number is already deleted, tls_get_record will start looking into list and as per the check it will look if seq number is before the end seq of 1st record, which will always be true and will return 1st record always, it should in fact return NULL. Signed-off-by: Rohit Maheshwari <rohitm@...lsio.com> --- net/tls/tls_device.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c index cd91ad812291..2898517298bf 100644 --- a/net/tls/tls_device.c +++ b/net/tls/tls_device.c @@ -602,7 +602,8 @@ struct tls_record_info *tls_get_record(struct tls_offload_context_tx *context, */ info = list_first_entry_or_null(&context->records_list, struct tls_record_info, list); - if (!info) + /* return NULL if seq number even before the 1st entry. */ + if (!info || before(seq, info->end_seq - info->len)) return NULL; record_sn = context->unacked_record_sn; } -- 2.25.0.191.gde93cc1
Powered by blists - more mailing lists