net/tls: prevent bad memory access in tls_is_sk_tx_device_offloaded()

[ Upstream commit b4f47f3848eb70986f75d06112af7b48b7f5f462 ] Unlike '&&' operator, the '&' does not have short-circuit evaluation semantics. IOW both sides of the operator always get evaluated. Fix the wrong operator in tls_is_sk_tx_device_offloaded(), which would lead to out-of-bounds access for for non-full sockets. Fixes: 4799ac81 ("tls: Add rx inline crypto offload") Signed-off-by: N Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: N Dirk van der Merwe <dirk.vandermerwe@netronome.com> Reviewed-by: N Simon Horman <simon.horman@netronome.com> Signed-off-by: N David S. Miller <davem@davemloft.net> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org>

net/tls: prevent bad memory access in tls_is_sk_tx_device_offloaded()
[ Upstream commit b4f47f3848eb70986f75d06112af7b48b7f5f462 ] Unlike '&&' operator, the '&' does not have short-circuit evaluation semantics. IOW both sides of the operator always get evaluated. Fix the wrong operator in tls_is_sk_tx_device_offloaded(), which would lead to out-of-bounds access for for non-full sockets. Fixes: 4799ac81 ("tls: Add rx inline crypto offload") Signed-off-by: N Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: N Dirk van der Merwe <dirk.vandermerwe@netronome.com> Reviewed-by: N Simon Horman <simon.horman@netronome.com> Signed-off-by: N David S. Miller <davem@davemloft.net> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org>
785833b9 · Jakub Kicinski · Greg Kroah-Hartman · 7cfddb81 · 785833b9
显示空白变更内容
内联并排

Showing with 1 addition and 1 deletion

include/net/tls.h include/net/tls.h +1 -1

未找到文件。
--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -317,7 +317,7 @@ tls_validate_xmit_skb(struct sock *sk, struct net_device *dev,
 static inline bool tls_is_sk_tx_device_offloaded(struct sock *sk)
 {
 #ifdef CONFIG_SOCK_VALIDATE_XMIT
-	return sk_fullsock(sk) &
+	return sk_fullsock(sk) &&
 	       (smp_load_acquire(&sk->sk_validate_xmit_skb) ==
 	       &tls_validate_xmit_skb);
 #else