From patchwork Sun Nov 15 04:16:00 2020
X-Patchwork-Submitter: Vadim Fedorenko
X-Patchwork-Id: 11905981
X-Patchwork-Delegate: kuba@kernel.org
From: Vadim Fedorenko
To: Jakub Kicinski, Boris Pismenny, Aviad Yehezkel
Cc: Vadim Fedorenko, netdev@vger.kernel.org
Subject: [net v2] net/tls: fix corrupted data in recvmsg
Date: Sun, 15 Nov 2020 07:16:00 +0300
Message-Id: <1605413760-21153-1-git-send-email-vfedorenko@novek.ru>
X-Mailing-List: netdev@vger.kernel.org

If tcp socket has more data than Encrypted Handshake Message then tls_sw_recvmsg will try to decrypt next record instead of returning full control message to userspace as mentioned in comment. The next message - usually Application Data - gets corrupted because it uses zero copy for decryption that's why the data is not stored in skb for next iteration. Revert check to not decrypt next record if current is not Application Data.

Fixes: 692d7b5d1f91 ("tls: Fix recvmsg() to be able to peek across multiple records")
Signed-off-by: Vadim Fedorenko

--- net/tls/tls_sw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 95ab5545..2fe9e2c 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -1913,7 +1913,7 @@ int tls_sw_recvmsg(struct sock *sk, * another message type */ msg->msg_flags |= MSG_EOR; - if (ctx->control != TLS_RECORD_TYPE_DATA) + if (control != TLS_RECORD_TYPE_DATA) goto recv_end; } else { break;
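
Review bot: the changed condition in tls_sw_recvmsg() now tests the local `control` instead of `ctx->control`, but neither the commit message nor the comment above it ("Return full control message to userspace before trying to parse another message type") says when the two values differ at this point, and the hunk does not show where `control` is assigned. Since the fix rests entirely on that difference, please add a sentence to the commit message, or extend the existing comment, stating which record each variable describes when this branch is reached, so that a later cleanup does not switch the check back to `ctx->control`. The described failure (a handshake record followed by Application Data already queued on the socket, with the data record corrupted) also reads like something a regression test could cover; consider adding one with this fix.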