]>
Commit | Line | Data |
---|---|---|
0ee3da53 GKH |
1 | From foo@baz Sat Apr 20 16:43:09 CEST 2019 |
2 | From: Jakub Kicinski <jakub.kicinski@netronome.com> | |
3 | Date: Mon, 8 Apr 2019 17:59:50 -0700 | |
4 | Subject: net/tls: prevent bad memory access in tls_is_sk_tx_device_offloaded() | |
5 | ||
6 | From: Jakub Kicinski <jakub.kicinski@netronome.com> | |
7 | ||
8 | [ Upstream commit b4f47f3848eb70986f75d06112af7b48b7f5f462 ] | |
9 | ||
10 | Unlike '&&' operator, the '&' does not have short-circuit | |
11 | evaluation semantics. IOW both sides of the operator always | |
12 | get evaluated. Fix the wrong operator in | |
13 | tls_is_sk_tx_device_offloaded(), which would lead to | |
14 | out-of-bounds access for for non-full sockets. | |
15 | ||
16 | Fixes: 4799ac81e52a ("tls: Add rx inline crypto offload") | |
17 | Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> | |
18 | Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> | |
19 | Reviewed-by: Simon Horman <simon.horman@netronome.com> | |
20 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
21 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
22 | --- | |
23 | include/net/tls.h | 2 +- | |
24 | 1 file changed, 1 insertion(+), 1 deletion(-) | |
25 | ||
26 | --- a/include/net/tls.h | |
27 | +++ b/include/net/tls.h | |
28 | @@ -366,7 +366,7 @@ tls_validate_xmit_skb(struct sock *sk, s | |
29 | static inline bool tls_is_sk_tx_device_offloaded(struct sock *sk) | |
30 | { | |
31 | #ifdef CONFIG_SOCK_VALIDATE_XMIT | |
32 | - return sk_fullsock(sk) & | |
33 | + return sk_fullsock(sk) && | |
34 | (smp_load_acquire(&sk->sk_validate_xmit_skb) == | |
35 | &tls_validate_xmit_skb); | |
36 | #else |