linux-crypto.vger.kernel.org archive mirror
* [PATCH] Invalid tls record found.
@ 2020-02-04 12:14 Rohit Maheshwari
From: Rohit Maheshwari @ 2020-02-04 12:14 UTC (permalink / raw)
  To: herbert, linux-crypto; +Cc: ilyal, jakub.kicinski, fwteam, Rohit Maheshwari

If tcp sequence number is even before the retransmit hint, then it starts
checking in the list, but if it is even before the first entry of the list,
then also it returns the first record of the list.
This issue can easily happen if tx takes some time to re-transmit a packet
and by the time ack is received. Kernel will clear that record, but
tls_get_record will still give the 1st record from the list.

This fix checks if tcp sequence number is before the first record of the
list, return NULL.

Signed-off-by: Rohit Maheshwari <rohitm@chelsio.com>
---
 net/tls/tls_device.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c
index cd91ad8..2898517 100644
--- a/net/tls/tls_device.c
+++ b/net/tls/tls_device.c
@@ -602,7 +602,8 @@ struct tls_record_info *tls_get_record(struct tls_offload_context_tx *context,
 		 */
 		info = list_first_entry_or_null(&context->records_list,
 						struct tls_record_info, list);
-		if (!info)
+		/* return NULL if seq number even before the 1st entry. */
+		if (!info || before(seq, info->end_seq - info->len))
 			return NULL;
 		record_sn = context->unacked_record_sn;
 	}
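Review bot: The new condition on the `if (!info || before(seq, info->end_seq - info->len))` line derives the first record's start as `info->end_seq - info->len`, but the added comment only restates the code and does not say why an earlier seq must be rejected. Suggest expanding the comment to carry the reason given in the commit message: the record that covered seq may already have been acked and cleared, so returning the first list entry would hand the caller a record that does not contain seq. It is also worth confirming that `end_seq - len` is the real start sequence for every kind of entry that can sit first in `records_list`, since any seq below that value now gets NULL.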
-- 
1.8.3.1

