
Invalid tls record found.

Message ID 1580818488-8297-1-git-send-email-rohitm@chelsio.com (mailing list archive)
State Not Applicable
Delegated to: Herbert Xu

Commit Message

Rohit Maheshwari Feb. 4, 2020, 12:14 p.m. UTC
If tcp sequence number is even before the retransmit hint, then it starts
checking in the list, but if it is even before the first entry of the list,
then also it returns the first record of the list.
This issue can easily happen if tx takes some time to re-transmit a packet
and by the time ack is received. Kernel will clear that record, but
tls_get_record will still give the 1st record from the list.

This fix checks if tcp sequence number is before the first record of the
list, return NULL.

Signed-off-by: Rohit Maheshwari <rohitm@chelsio.com>
---
 net/tls/tls_device.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Patch

diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c
index cd91ad8..2898517 100644
--- a/net/tls/tls_device.c
+++ b/net/tls/tls_device.c
@@ -602,7 +602,8 @@  struct tls_record_info *tls_get_record(struct tls_offload_context_tx *context,
 		 */
 		info = list_first_entry_or_null(&context->records_list,
 						struct tls_record_info, list);
-		if (!info)
+		/* return NULL if seq number even before the 1st entry. */
+		if (!info || before(seq, info->end_seq - info->len))
 			return NULL;
 		record_sn = context->unacked_record_sn;
 	}
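
Review bot: The new condition `if (!info || before(seq, info->end_seq - info->len))` derives the first record's start sequence inline, and the comment above it ("seq number even before the 1st entry") does not say that `end_seq - len` is that start, nor why a sequence number below it is stale. Suggest rewording the comment to say that seq lies before the start of the first record still on records_list, meaning the record it belonged to has already been acked and released, so there is nothing valid to return. Since this branch already returned NULL for an empty list, callers should cope with the extra NULL case, but it is worth stating in the commit message what the caller does with a retransmit whose record is gone. The message also has no Fixes: tag and the subject carries no subsystem prefix; both would help backporting, given that this corrects returning a record that does not cover seq.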