diff mbox series

[net,v2] chelsio/chtls: fix tls record info to user

Message ID 20201022190556.21308-1-vinay.yadav@chelsio.com
State Accepted
Delegated to: David Miller

Checks

Context Check Description
jkicinski/cover_letter success Link
jkicinski/fixes_present success Link
jkicinski/patch_count success Link
jkicinski/tree_selection success Clearly marked for net
jkicinski/subject_prefix success Link
jkicinski/source_inline success Was 0 now: 0
jkicinski/verify_signedoff success Link
jkicinski/module_param success Was 0 now: 0
jkicinski/build_32bit success Errors and warnings before: 0 this patch: 0
jkicinski/kdoc success Errors and warnings before: 0 this patch: 0
jkicinski/verify_fixes success Link
jkicinski/checkpatch success total: 0 errors, 0 warnings, 0 checks, 21 lines checked
jkicinski/build_allmodconfig_warn success Errors and warnings before: 0 this patch: 0
jkicinski/header_inline success Link
jkicinski/stable success Stable not CCed

Commit Message

Vinay Kumar Yadav Oct. 22, 2020, 7:05 p.m. UTC
chtls_pt_recvmsg() receives a skb with tls header and subsequent
skb with data, need to finalize the data copy whenever next skb
with tls header is available. But here current tls header is
overwritten by next available tls header, ends up corrupting
user buffer data. Fixing it by finalizing current record whenever
next skb contains tls header.

v1->v2:
- Improved commit message.

Fixes: 17a7d24aa89d ("crypto: chtls - generic handling of data and hdr")
Signed-off-by: Vinay Kumar Yadav <vinay.yadav@chelsio.com>
---
 .../net/ethernet/chelsio/inline_crypto/chtls/chtls_io.c   | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

Comments

Jakub Kicinski Oct. 24, 2020, 1:36 a.m. UTC | #1
On Fri, 23 Oct 2020 00:35:57 +0530 Vinay Kumar Yadav wrote:
> chtls_pt_recvmsg() receives a skb with tls header and subsequent
> skb with data, need to finalize the data copy whenever next skb
> with tls header is available. But here current tls header is
> overwritten by next available tls header, ends up corrupting
> user buffer data. Fixing it by finalizing current record whenever
> next skb contains tls header.
> 
> v1->v2:
> - Improved commit message.
> 
> Fixes: 17a7d24aa89d ("crypto: chtls - generic handling of data and hdr")
> Signed-off-by: Vinay Kumar Yadav <vinay.yadav@chelsio.com>

Applied.

Patch

diff --git a/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_io.c b/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_io.c
index 9fb5ca6682ea..a5dcc576ba3c 100644
--- a/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_io.c
+++ b/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_io.c
@@ -1585,6 +1585,7 @@  static int chtls_pt_recvmsg(struct sock *sk, struct msghdr *msg, size_t len,
 			tp->urg_data = 0;
 
 		if ((avail + offset) >= skb->len) {
+			struct sk_buff *next_skb;
 			if (ULP_SKB_CB(skb)->flags & ULPCB_FLAG_TLS_HDR) {
 				tp->copied_seq += skb->len;
 				hws->rcvpld = skb->hdr_len;
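Review bot: The declaration `struct sk_buff *next_skb;` added at the top of the `if ((avail + offset) >= skb->len)` block runs straight into the `if (ULP_SKB_CB(skb)->flags & ULPCB_FLAG_TLS_HDR)` statement; a blank line after the declaration would separate it from the code that follows. The variable is only assigned and read in the later hunk, so a one-line comment saying it holds the peeked head of sk_receive_queue would also help a reader of this block.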
@@ -1595,9 +1596,12 @@  static int chtls_pt_recvmsg(struct sock *sk, struct msghdr *msg, size_t len,
 			chtls_free_skb(sk, skb);
 			buffers_freed++;
 			hws->copied_seq = 0;
-			if (copied >= target &&
-			    !skb_peek(&sk->sk_receive_queue))
+			next_skb = skb_peek(&sk->sk_receive_queue);
+			if (copied >= target && !next_skb)
 				break;
+			if (ULP_SKB_CB(next_skb)->flags & ULPCB_FLAG_TLS_HDR)
+				break;
+
 		}
 	} while (len > 0);
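Review bot: The added `if (ULP_SKB_CB(next_skb)->flags & ULPCB_FLAG_TLS_HDR)` dereferences next_skb without a NULL check. The preceding test only breaks when `copied >= target && !next_skb`, so when the receive queue is empty and copied is still below target, skb_peek() has returned NULL and execution falls through to the flags read. Guard it, for example `if (next_skb && (ULP_SKB_CB(next_skb)->flags & ULPCB_FLAG_TLS_HDR))`, so the record is finalized only when a following skb actually exists and carries a TLS header. The empty `+` line before the closing brace can also be dropped.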