summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJakub Kicinski <kuba@kernel.org>2021-11-25 02:25:52 +0300
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2021-12-01 11:19:07 +0300
commit22156242b1042d5cce74f1bd20db541abdd2ecd7 (patch)
treea381b61ba748c6033fc063294bf3d9a124e4d6ba
parent3b6c71c097daff9dd724cd306042045d18fd6b03 (diff)
downloadlinux-22156242b1042d5cce74f1bd20db541abdd2ecd7.tar.xz
tls: splice_read: fix record type check
[ Upstream commit 520493f66f6822551aef2879cd40207074fe6980 ] We don't support splicing control records. TLS 1.3 changes moved the record type check into the decrypt if(). The skb may already be decrypted and still be an alert. Note that decrypt_skb_update() is idempotent and updates ctx->decrypted so the if() is pointless. Reorder the check for decryption errors with the content type check while touching them. This part is not really a bug, because if decryption failed in TLS 1.3 content type will be DATA, and for TLS 1.2 it will be correct. Nevertheless its strange to touch output before checking if the function has failed. Fixes: fedf201e1296 ("net: tls: Refactor control message handling on recv") Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
-rw-r--r--net/tls/tls_sw.c23
1 files changed, 10 insertions, 13 deletions
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 14cce61160a5..122d5daed8b6 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -2007,21 +2007,18 @@ ssize_t tls_sw_splice_read(struct socket *sock, loff_t *ppos,
if (!skb)
goto splice_read_end;
- if (!ctx->decrypted) {
- err = decrypt_skb_update(sk, skb, NULL, &chunk, &zc, false);
-
- /* splice does not support reading control messages */
- if (ctx->control != TLS_RECORD_TYPE_DATA) {
- err = -EINVAL;
- goto splice_read_end;
- }
+ err = decrypt_skb_update(sk, skb, NULL, &chunk, &zc, false);
+ if (err < 0) {
+ tls_err_abort(sk, -EBADMSG);
+ goto splice_read_end;
+ }
- if (err < 0) {
- tls_err_abort(sk, -EBADMSG);
- goto splice_read_end;
- }
- ctx->decrypted = 1;
+ /* splice does not support reading control messages */
+ if (ctx->control != TLS_RECORD_TYPE_DATA) {
+ err = -EINVAL;
+ goto splice_read_end;
}
+
rxm = strp_msg(skb);
chunk = min_t(unsigned int, rxm->full_len, len);