Re: [PATCH] net: tls: fix possible info leak in tls_set_device_offload()

From: Hangyu Hua
Date: Thu Feb 23 2023 - 22:33:43 EST

Next message: Al Viro: "[git pull] vfs.git namespace stuff"
Previous message: KP Singh: "Re: [PATCH v2 2/2] Documentation/hw-vuln: Document the interaction between IBRS and STIBP"
In reply to: Hangyu Hua: "Re: [PATCH] net: tls: fix possible info leak in tls_set_device_offload()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 24/2/2023 11:07, Hangyu Hua wrote:

On 23/2/2023 19:15, Sabrina Dubroca wrote:

2023-02-23, 17:05:08 +0800, Hangyu Hua wrote:

After tls_set_device_offload() fails, we enter tls_set_sw_offload(). But
tls_set_sw_offload can't set cctx->iv and cctx->rec_seq to NULL if it fails
before kmalloc cctx->iv. This may cause info leak when we call
do_tls_getsockopt_conf().

Is there really an issue here?

If both tls_set_device_offload and tls_set_sw_offload fail,
do_tls_setsockopt_conf will clear crypto_{send,recv} from the context.
Then the TLS_CRYPTO_INFO_READY in do_tls_getsockopt_conf will fail, so
we won't try to access iv or rec_seq.

My bad. I forget memzero_explicit. Then this is harmless. But I still think it is better to set them to NULL like tls_set_sw_offload's error path because we don't know there are another way to do this(I will change the commit log). What do you think?

Like a rare case, there is a race condition between
do_tls_getsockopt_conf and do_tls_setsockopt_conf while the previous
condition is met. TLS_CRYPTO_INFO_READY(crypto_info) is not
protected by lock_sock in do_tls_getsockopt_conf. It's just too
difficult to satisfy both conditions at the same time.

Next message: Al Viro: "[git pull] vfs.git namespace stuff"
Previous message: KP Singh: "Re: [PATCH v2 2/2] Documentation/hw-vuln: Document the interaction between IBRS and STIBP"
In reply to: Hangyu Hua: "Re: [PATCH] net: tls: fix possible info leak in tls_set_device_offload()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]