net/tls: prevent bad memory access in tls_is_sk_tx_device_offloaded()

Unlike '&&' operator, the '&' does not have short-circuit evaluation semantics. IOW both sides of the operator always get evaluated. Fix the wrong operator in tls_is_sk_tx_device_offloaded(), which would lead to out-of-bounds access for for non-full sockets. Fixes: 4799ac81e52a ("tls: Add rx inline crypto offload") Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Reviewed-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Jakub Kicinski <jakub.kicinski@netronome.com> 2019-04-09 03:59:50 +0300
committer: David S. Miller <davem@davemloft.net> 2019-04-11 08:42:28 +0300
commit: b4f47f3848eb70986f75d06112af7b48b7f5f462 (patch)
tree: 5d92ea30690481c584bb4aa40246f02e592dd50f /include
parent: 8065a779f17e94536a1c4dcee4f9d88011672f97 (diff)
download: linux-b4f47f3848eb70986f75d06112af7b48b7f5f462.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/include/net/tls.h b/include/net/tls.h
index c7f7dc344e73..5934246b2c6f 100644
--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -381,7 +381,7 @@ tls_validate_xmit_skb(struct sock *sk, struct net_device *dev,
 static inline bool tls_is_sk_tx_device_offloaded(struct sock *sk)
 {
 #ifdef CONFIG_SOCK_VALIDATE_XMIT
-	return sk_fullsock(sk) &
+	return sk_fullsock(sk) &&
 	       (smp_load_acquire(&sk->sk_validate_xmit_skb) ==
 	       &tls_validate_xmit_skb);
 #else
author	Jakub Kicinski <jakub.kicinski@netronome.com>	2019-04-09 03:59:50 +0300
committer	David S. Miller <davem@davemloft.net>	2019-04-11 08:42:28 +0300
commit	b4f47f3848eb70986f75d06112af7b48b7f5f462 (patch)
tree	5d92ea30690481c584bb4aa40246f02e592dd50f /include
parent	8065a779f17e94536a1c4dcee4f9d88011672f97 (diff)
download	linux-b4f47f3848eb70986f75d06112af7b48b7f5f462.tar.xz