Re: [PATCH] net: tls: fix possible info leak in tls_set_device_offload()
From: Yunsheng Lin
Date: Thu Feb 23 2023 - 04:25:50 EST
On 2023/2/23 17:05, Hangyu Hua wrote:
> After tls_set_device_offload() fails, we enter tls_set_sw_offload(). But
> tls_set_sw_offload can't set cctx->iv and cctx->rec_seq to NULL if it fails
> before kmalloc cctx->iv. This may cause info leak when we call
> do_tls_getsockopt_conf().
Should we use kfree_sensitive() here if info leaking is what we want to
avoid?
>
> Fixes: e8f69799810c ("net/tls: Add generic NIC offload infrastructure")
> Signed-off-by: Hangyu Hua <hbh25y@xxxxxxxxx>
> ---
> net/tls/tls_device.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c
> index 6c593788dc25..a63f6f727f58 100644
> --- a/net/tls/tls_device.c
> +++ b/net/tls/tls_device.c
> @@ -1241,8 +1241,10 @@ int tls_set_device_offload(struct sock *sk, struct tls_context *ctx)
> kfree(start_marker_record);
> free_rec_seq:
> kfree(ctx->tx.rec_seq);
> + ctx->tx.rec_seq = NULL;
> free_iv:
> kfree(ctx->tx.iv);
> + ctx->tx.iv = NULL;
> release_netdev:
> dev_put(netdev);
> return rc;
>