Re: [PATCH] net: tls: fix possible info leak in tls_set_device_offload()

From: Sabrina Dubroca
Date: Thu Feb 23 2023 - 06:17:20 EST

Next message: Michael Wu: "Re: [PATCH] HID: usbhid: enable remote wakeup for mice"
Previous message: Krzysztof Kozlowski: "Re: [PATCH] arm: Drop CONFIG_MTD_M25P80 in various defconfig files"
In reply to: Yunsheng Lin: "Re: [PATCH] net: tls: fix possible info leak in tls_set_device_offload()"
Next in thread: Hangyu Hua: "Re: [PATCH] net: tls: fix possible info leak in tls_set_device_offload()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

2023-02-23, 17:05:08 +0800, Hangyu Hua wrote:
> After tls_set_device_offload() fails, we enter tls_set_sw_offload(). But
> tls_set_sw_offload can't set cctx->iv and cctx->rec_seq to NULL if it fails
> before kmalloc cctx->iv. This may cause info leak when we call
> do_tls_getsockopt_conf().

Is there really an issue here?

If both tls_set_device_offload and tls_set_sw_offload fail,
do_tls_setsockopt_conf will clear crypto_{send,recv} from the context.
Then the TLS_CRYPTO_INFO_READY in do_tls_getsockopt_conf will fail, so
we won't try to access iv or rec_seq.

--
Sabrina

Next message: Michael Wu: "Re: [PATCH] HID: usbhid: enable remote wakeup for mice"
Previous message: Krzysztof Kozlowski: "Re: [PATCH] arm: Drop CONFIG_MTD_M25P80 in various defconfig files"
In reply to: Yunsheng Lin: "Re: [PATCH] net: tls: fix possible info leak in tls_set_device_offload()"
Next in thread: Hangyu Hua: "Re: [PATCH] net: tls: fix possible info leak in tls_set_device_offload()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]