Skip to content
Commit d91c3e17 authored by Ilya Lesokhin's avatar Ilya Lesokhin Committed by David S. Miller
Browse files

net/tls: Only attach to sockets in ESTABLISHED state 



Calling accept on a TCP socket with a TLS ulp attached results
in two sockets that share the same ulp context.
The ulp context is freed while a socket is destroyed, so
after one of the sockets is released, the second second will
trigger a use after free when it tries to access the ulp context
attached to it.
We restrict the TLS ulp to sockets in ESTABLISHED state
to prevent the scenario above.

Fixes: 3c4d7559 ("tls: kernel TLS support")
Reported-by: default avatar <syzbot+904e7cd6c5c741609228@syzkaller.appspotmail.com>
Signed-off-by: default avatarIlya Lesokhin <ilyal@mellanox.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent f8b39039
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment