mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-08-22 17:01:14 +00:00
tls: Avoid copying crypto_info again after cipher_type check.
commit196c31b4b5
upstream. Avoid copying crypto_info again after cipher_type check to avoid a TOCTOU exploits. The temporary array on the stack is removed as we don't really need it Fixes:3c4d755915
('tls: kernel TLS support') Signed-off-by: Ilya Lesokhin <ilyal@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net> [bwh: Backported to 4.14: Preserve changes made by earlier backports of "tls: return -EBUSY if crypto_info is already set" and "tls: zero the crypto information from tls_context before freeing"] Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
parent
797b8bb47f
commit
93f16446c8
1 changed files with 16 additions and 21 deletions
|
@ -381,7 +381,7 @@ static int tls_getsockopt(struct sock *sk, int level, int optname,
|
|||
static int do_tls_setsockopt_tx(struct sock *sk, char __user *optval,
|
||||
unsigned int optlen)
|
||||
{
|
||||
struct tls_crypto_info *crypto_info, tmp_crypto_info;
|
||||
struct tls_crypto_info *crypto_info;
|
||||
struct tls_context *ctx = tls_get_ctx(sk);
|
||||
int rc = 0;
|
||||
int tx_conf;
|
||||
|
@ -391,38 +391,33 @@ static int do_tls_setsockopt_tx(struct sock *sk, char __user *optval,
|
|||
goto out;
|
||||
}
|
||||
|
||||
rc = copy_from_user(&tmp_crypto_info, optval, sizeof(*crypto_info));
|
||||
if (rc) {
|
||||
rc = -EFAULT;
|
||||
goto out;
|
||||
}
|
||||
|
||||
/* check version */
|
||||
if (tmp_crypto_info.version != TLS_1_2_VERSION) {
|
||||
rc = -ENOTSUPP;
|
||||
goto out;
|
||||
}
|
||||
|
||||
/* get user crypto info */
|
||||
crypto_info = &ctx->crypto_send.info;
|
||||
|
||||
/* Currently we don't support set crypto info more than one time */
|
||||
if (TLS_CRYPTO_INFO_READY(crypto_info)) {
|
||||
rc = -EBUSY;
|
||||
goto out;
|
||||
}
|
||||
|
||||
switch (tmp_crypto_info.cipher_type) {
|
||||
rc = copy_from_user(crypto_info, optval, sizeof(*crypto_info));
|
||||
if (rc) {
|
||||
rc = -EFAULT;
|
||||
goto out;
|
||||
}
|
||||
|
||||
/* check version */
|
||||
if (crypto_info->version != TLS_1_2_VERSION) {
|
||||
rc = -ENOTSUPP;
|
||||
goto err_crypto_info;
|
||||
}
|
||||
|
||||
switch (crypto_info->cipher_type) {
|
||||
case TLS_CIPHER_AES_GCM_128: {
|
||||
if (optlen != sizeof(struct tls12_crypto_info_aes_gcm_128)) {
|
||||
rc = -EINVAL;
|
||||
goto err_crypto_info;
|
||||
}
|
||||
rc = copy_from_user(
|
||||
crypto_info,
|
||||
optval,
|
||||
sizeof(struct tls12_crypto_info_aes_gcm_128));
|
||||
|
||||
rc = copy_from_user(crypto_info + 1, optval + sizeof(*crypto_info),
|
||||
optlen - sizeof(*crypto_info));
|
||||
if (rc) {
|
||||
rc = -EFAULT;
|
||||
goto err_crypto_info;
|
||||
|
|
Loading…
Reference in a new issue