tls: rx: strp: fix determining record length in copy mode (8b0c0dc9) · Commits · Mirrors / github.com / raspberrypi_linux · GitLab

Commit 8b0c0dc9 authored May 16, 2023 by

Jakub Kicinski Committed by David S. Miller May 19, 2023

tls: rx: strp: fix determining record length in copy mode



We call tls_rx_msg_size(skb) before doing skb->len += chunk.
So the tls_rx_msg_size() code will see old skb->len, most
likely leading to an over-read.

Worst case we will over read an entire record, next iteration
will try to trim the skb but may end up turning frag len negative
or discarding the subsequent record (since we already told TCP
we've read it during previous read but now we'll trim it out of
the skb).

Fixes: 84c61fe1 ("tls: rx: do not use the standard strparser")
Tested-by: Shai Amiram <samiram@nvidia.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 14c4be92

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit c48b8399
· Jun 08, 2023

mentioned in commit c48b8399

mentioned in commit c48b8399e430860a5b6c0b80c91f09d80c00c1af

Toggle commit list

Please register or to comment