tls: splice_read: fix record type check

stable inclusion from stable-v5.10.83 commit 22156242b1042d5cce74f1bd20db541abdd2ecd7 bugzilla: 185879 https://gitee.com/openeuler/kernel/issues/I4QUVG Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=22156242b1042d5cce74f1bd20db541abdd2ecd7 -------------------------------- [ Upstream commit 520493f6 ] We don't support splicing control records. TLS 1.3 changes moved the record type check into the decrypt if(). The skb may already be decrypted and still be an alert. Note that decrypt_skb_update() is idempotent and updates ctx->decrypted so the if() is pointless. Reorder the check for decryption errors with the content type check while touching them. This part is not really a bug, because if decryption failed in TLS 1.3 content type will be DATA, and for TLS 1.2 it will be correct. Nevertheless its strange to touch output before checking if the function has failed. Fixes: fedf201e ("net: tls: Refactor control message handling on recv") Signed-off-by: N Jakub Kicinski <kuba@kernel.org> Signed-off-by: N Sasha Levin <sashal@kernel.org> Signed-off-by: N Chen Jun <chenjun102@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>

tls: splice_read: fix record type check
stable inclusion from stable-v5.10.83 commit 22156242b1042d5cce74f1bd20db541abdd2ecd7 bugzilla: 185879 https://gitee.com/openeuler/kernel/issues/I4QUVG Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=22156242b1042d5cce74f1bd20db541abdd2ecd7 -------------------------------- [ Upstream commit 520493f6 ] We don't support splicing control records. TLS 1.3 changes moved the record type check into the decrypt if(). The skb may already be decrypted and still be an alert. Note that decrypt_skb_update() is idempotent and updates ctx->decrypted so the if() is pointless. Reorder the check for decryption errors with the content type check while touching them. This part is not really a bug, because if decryption failed in TLS 1.3 content type will be DATA, and for TLS 1.2 it will be correct. Nevertheless its strange to touch output before checking if the function has failed. Fixes: fedf201e ("net: tls: Refactor control message handling on recv") Signed-off-by: N Jakub Kicinski <kuba@kernel.org> Signed-off-by: N Sasha Levin <sashal@kernel.org> Signed-off-by: N Chen Jun <chenjun102@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>
98bc1786 · Jakub Kicinski · Zheng Zengkai · 0430b8db · 98bc1786
隐藏空白更改
内联并排

Showing with 10 addition and 13 deletion

net/tls/tls_sw.c net/tls/tls_sw.c +10 -13

未找到文件。
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -2007,21 +2007,18 @@ ssize_t tls_sw_splice_read(struct socket *sock,  loff_t *ppos,
 	if (!skb)
 		goto splice_read_end;

-	if (!ctx->decrypted) {
-		err = decrypt_skb_update(sk, skb, NULL, &chunk, &zc, false);
-
-		/* splice does not support reading control messages */
-		if (ctx->control != TLS_RECORD_TYPE_DATA) {
-			err = -EINVAL;
-			goto splice_read_end;
-		}
+	err = decrypt_skb_update(sk, skb, NULL, &chunk, &zc, false);
+	if (err < 0) {
+		tls_err_abort(sk, -EBADMSG);
+		goto splice_read_end;
+	}

-		if (err < 0) {
-			tls_err_abort(sk, -EBADMSG);
-			goto splice_read_end;
-		}
-		ctx->decrypted = 1;
+	/* splice does not support reading control messages */
+	if (ctx->control != TLS_RECORD_TYPE_DATA) {
+		err = -EINVAL;
+		goto splice_read_end;
 	}
+
 	rxm = strp_msg(skb);

 	chunk = min_t(unsigned int, rxm->full_len, len);