| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20230511012034.902782-2-kuba@kernel.org>
Date: Wed, 10 May 2023 18:20:28 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: tariqt@...dia.com
Cc: netdev@...r.kernel.org,
Jakub Kicinski <kuba@...nel.org>
Subject: [RFC / RFT net 1/7] tls: rx: device: fix checking decryption status
skb->len covers the entire skb, including the frag_list.
In fact we're guaranteed that rxm->full_len <= skb->len,
so since the change under Fixes we were not checking decrypt
status of any skb but the first.
Note that the skb_pagelen() added here may feel a bit costly,
but it's removed by subsequent fixes, anyway.
Reported-by: Tariq Toukan <tariqt@...dia.com>
Fixes: 86b259f6f888 ("tls: rx: device: bound the frag walk")
Signed-off-by: Jakub Kicinski <kuba@...nel.org>
---
net/tls/tls_device.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c
index a7cc4f9faac2..3b87c7b04ac8 100644
--- a/net/tls/tls_device.c
+++ b/net/tls/tls_device.c
@@ -1012,7 +1012,7 @@ int tls_device_decrypted(struct sock *sk, struct tls_context *tls_ctx)
struct sk_buff *skb_iter;
int left;
- left = rxm->full_len - skb->len;
+ left = rxm->full_len + rxm->offset - skb_pagelen(skb);
/* Check if all the data is decrypted already */
skb_iter = skb_shinfo(skb)->frag_list;
while (skb_iter && left > 0) {
--
2.40.1
Powered by blists - more mailing lists