From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Vadim Fedorenko, Jakub Kicinski
Subject: [PATCH 5.9 034/252] net/tls: fix corrupted data in recvmsg
Date: Mon, 23 Nov 2020 13:19:44 +0100
Message-Id: <20201123121837.234443583@linuxfoundation.org>
In-Reply-To: <20201123121835.580259631@linuxfoundation.org>
References: <20201123121835.580259631@linuxfoundation.org>

From: Vadim Fedorenko

[ Upstream commit 3fe16edf6767decd640fa2654308bc64f8d656dc ]

If tcp socket has more data than Encrypted Handshake Message then tls_sw_recvmsg will try to decrypt next record instead of returning full control message to userspace as mentioned in comment. The next message - usually Application Data - gets corrupted because it uses zero copy for decryption that's why the data is not stored in skb for next iteration. Revert check to not decrypt next record if current is not Application Data.

Fixes: 692d7b5d1f91 ("tls: Fix recvmsg() to be able to peek across multiple records")
Signed-off-by: Vadim Fedorenko
Link: https://lore.kernel.org/r/1605413760-21153-1-git-send-email-vfedorenko@novek.ru
Signed-off-by: Jakub Kicinski
Signed-off-by: Greg Kroah-Hartman
---
 net/tls/tls_sw.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -1913,7 +1913,7 @@ pick_next_record: * another message type */ msg->msg_flags |= MSG_EOR; - if (ctx->control != TLS_RECORD_TYPE_DATA) + if (control != TLS_RECORD_TYPE_DATA) goto recv_end; } else { break;
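Review bot: At the `if (control != TLS_RECORD_TYPE_DATA)` line, nothing in the surrounding code says why the local `control` is the right value to test and `ctx->control` is not, and the two names are close enough that a later cleanup could swap them back. The commit message explains that the check must reflect the record just handed to userspace so that the next record is not decrypted early, but the in-code comment ending in "another message type" does not say this. Please extend that comment to state that `control` is the type of the record being returned and that using `ctx->control` here caused the corruption tracked by the Fixes: tag. Since the diffstat shows only net/tls/tls_sw.c changed, a regression test that queues a handshake record followed by Application Data on the same socket and reads both back would also be worth adding alongside this fix.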