mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-11-16 08:44:21 +08:00
tls: rx: device: bound the frag walk
We can't do skb_walk_frags() on the input skbs, because
the input skbs is really just a pointer to the tcp read
queue. We need to bound the "is decrypted" check by the
amount of data in the message.
Note that the walk in tls_device_reencrypt() is after a
CoW so the skb there is safe to walk. Actually in the
current implementation it can't have frags at all, but
whatever, maybe one day it will.
Reported-by: Tariq Toukan <tariqt@nvidia.com>
Fixes: 84c61fe1a7
("tls: rx: do not use the standard strparser")
Tested-by: Ran Rozenstein <ranro@nvidia.com>
Link: https://lore.kernel.org/r/20220809175544.354343-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
This commit is contained in:
parent
9ad36309e2
commit
86b259f6f8
@ -984,11 +984,17 @@ int tls_device_decrypted(struct sock *sk, struct tls_context *tls_ctx)
|
||||
int is_decrypted = skb->decrypted;
|
||||
int is_encrypted = !is_decrypted;
|
||||
struct sk_buff *skb_iter;
|
||||
int left;
|
||||
|
||||
left = rxm->full_len - skb->len;
|
||||
/* Check if all the data is decrypted already */
|
||||
skb_walk_frags(skb, skb_iter) {
|
||||
skb_iter = skb_shinfo(skb)->frag_list;
|
||||
while (skb_iter && left > 0) {
|
||||
is_decrypted &= skb_iter->decrypted;
|
||||
is_encrypted &= !skb_iter->decrypted;
|
||||
|
||||
left -= skb_iter->len;
|
||||
skb_iter = skb_iter->next;
|
||||
}
|
||||
|
||||
trace_tls_device_decrypted(sk, tcp_sk(sk)->copied_seq - rxm->full_len,
|
||||
|
Loading…
Reference in New Issue
Block a user