| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250212025351.380-1-vulab@iscas.ac.cn>
Date: Wed, 12 Feb 2025 10:53:50 +0800
From: Wentao Liang <vulab@...as.ac.cn>
To: borisp@...dia.com,
john.fastabend@...il.com,
kuba@...nel.org,
Alexandre Torgue <alexandre.torgue@...s.st.com>,
pabeni@...hat.com,
edumazet@...gle.com,
horms@...nel.org
Cc: linux-kernel@...r.kernel.org,
netdev@...r.kernel.org,
Wentao Liang <vulab@...as.ac.cn>,
stable@...r.kernel.org
Subject: [PATCH] tls: Check return value of get_cipher_desc in fill_sg_out
The function get_cipher_desc() may return NULL if the cipher type is
invalid or unsupported. In fill_sg_out(), the return value is used
without any checks, which could lead to a NULL pointer dereference.
This patch adds a DEBUG_NET_WARN_ON_ONCE check to ensure that
cipher_desc is valid and offloadable before proceeding. This prevents
potential crashes and provides a clear warning in debug builds.
Fixes: 8db44ab26beb ("tls: rename tls_cipher_size_desc to tls_cipher_desc")
Cc: stable@...r.kernel.org # 6.6+
Signed-off-by: Wentao Liang <vulab@...as.ac.cn>
---
net/tls/tls_device_fallback.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/tls/tls_device_fallback.c b/net/tls/tls_device_fallback.c
index f9e3d3d90dcf..0f93a0833ec2 100644
--- a/net/tls/tls_device_fallback.c
+++ b/net/tls/tls_device_fallback.c
@@ -306,6 +306,7 @@ static void fill_sg_out(struct scatterlist sg_out[3], void *buf,
{
const struct tls_cipher_desc *cipher_desc =
get_cipher_desc(tls_ctx->crypto_send.info.cipher_type);
+ DEBUG_NET_WARN_ON_ONCE(!cipher_desc || !cipher_desc->offloadable);
sg_set_buf(&sg_out[0], dummy_buf, sync_size);
sg_set_buf(&sg_out[1], nskb->data + tcp_payload_offset, payload_len);
--
2.42.0.windows.2
Powered by blists - more mailing lists