| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <60e2ed41-1c88-3780-e4c4-550cef8f7c91@huawei.com>
Date: Thu, 23 Feb 2023 17:25:13 +0800
From: Yunsheng Lin <linyunsheng@...wei.com>
To: Hangyu Hua <hbh25y@...il.com>, <borisp@...dia.com>,
<john.fastabend@...il.com>, <kuba@...nel.org>,
<davem@...emloft.net>, <edumazet@...gle.com>, <pabeni@...hat.com>
CC: <netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] net: tls: fix possible info leak in
tls_set_device_offload()
On 2023/2/23 17:05, Hangyu Hua wrote:
> After tls_set_device_offload() fails, we enter tls_set_sw_offload(). But
> tls_set_sw_offload can't set cctx->iv and cctx->rec_seq to NULL if it fails
> before kmalloc cctx->iv. This may cause info leak when we call
> do_tls_getsockopt_conf().
Should we use kfree_sensitive() here if info leaking is what we want to
avoid?
>
> Fixes: e8f69799810c ("net/tls: Add generic NIC offload infrastructure")
> Signed-off-by: Hangyu Hua <hbh25y@...il.com>
> ---
> net/tls/tls_device.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c
> index 6c593788dc25..a63f6f727f58 100644
> --- a/net/tls/tls_device.c
> +++ b/net/tls/tls_device.c
> @@ -1241,8 +1241,10 @@ int tls_set_device_offload(struct sock *sk, struct tls_context *ctx)
> kfree(start_marker_record);
> free_rec_seq:
> kfree(ctx->tx.rec_seq);
> + ctx->tx.rec_seq = NULL;
> free_iv:
> kfree(ctx->tx.iv);
> + ctx->tx.iv = NULL;
> release_netdev:
> dev_put(netdev);
> return rc;
>
Powered by blists - more mailing lists