]> git.ipfire.org Git - thirdparty/openssl.git/commit
ktls_read_record(): Harden linux recv path
authorJoshua Rogers <MegaManSec@users.noreply.github.com>
Sat, 11 Oct 2025 06:19:28 +0000 (14:19 +0800)
committerTomas Mraz <tomas@openssl.org>
Thu, 11 Dec 2025 11:45:42 +0000 (12:45 +0100)
commit21d4585718a235a412115ca5c2dcdc2fe8932b61
treefa7f2103ec71350a58b23e1a42419d8fdd180530
parent996d50da8fac4938fd910af96389c1e67ff1cb11
ktls_read_record(): Harden linux recv path

- drop tag subtraction in recv buffer sizing
- enforce MSG_EOR and reject MSG_CTRUNC
- zero prepended header bytes before recvmsg

Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28861)
include/internal/ktls.h