Skip to content

Commit

Permalink
net/tls: prevent bad memory access in tls_is_sk_tx_device_offloaded()
Browse files Browse the repository at this point in the history 
Unlike '&&' operator, the '&' does not have short-circuit
evaluation semantics.  IOW both sides of the operator always
get evaluated.  Fix the wrong operator in
tls_is_sk_tx_device_offloaded(), which would lead to
out-of-bounds access for for non-full sockets.

Fixes: 4799ac8 ("tls: Add rx inline crypto offload")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
Jakub Kicinski authored and David S. Miller committed Apr 11, 2019
1 parent 8065a77 commit b4f47f3
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion include/net/tls.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -381,7 +381,7 @@ tls_validate_xmit_skb(struct sock *sk, struct net_device *dev,
static inline bool tls_is_sk_tx_device_offloaded(struct sock *sk)
{
#ifdef CONFIG_SOCK_VALIDATE_XMIT
return sk_fullsock(sk) &
return sk_fullsock(sk) &&
(smp_load_acquire(&sk->sk_validate_xmit_skb) ==
&tls_validate_xmit_skb);
#else
Expand Down

0 comments on commit b4f47f3

Please sign in to comment.