[PATCH] net/tls: move version check after second userspace fetch

From: Meng Xu
Date: Sun Sep 24 2017 - 11:15:09 EST

Next message: Meng Xu: "mptfusion: holding wrong mutex due to iocnum mismatch"
Previous message: Johannes Berg: "Re: [PATCH] mac80211: aead api to reduce redundancy"
Next in thread: David Miller: "Re: [PATCH] net/tls: move version check after second userspace fetch"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Even the userspace buffer optval passed the version check
(i.e., tmp_crypto_info.version == TLS_1_2_VERSION) after the first fetch,
it can still be changed before the second copy_from_user() and hence,
a version different than TLS_1_2_VERSION may be copied into crypto_info.
This patch moves the version check after the second userspace fetch.

Signed-off-by: Meng Xu <mengxu.gatech@xxxxxxxxx>
---
net/tls/tls_main.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index 60aff60..d4a7bc6 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -354,12 +354,6 @@ static int do_tls_setsockopt_tx(struct sock *sk, char __user *optval,
goto out;
}

- /* check version */
- if (tmp_crypto_info.version != TLS_1_2_VERSION) {
- rc = -ENOTSUPP;
- goto out;
- }
-
/* get user crypto info */
crypto_info = &ctx->crypto_send;

@@ -382,6 +376,12 @@ static int do_tls_setsockopt_tx(struct sock *sk, char __user *optval,
rc = -EFAULT;
goto err_crypto_info;
}
+
+ /* check version */
+ if (crypto_info->version != TLS_1_2_VERSION) {
+ rc = -ENOTSUPP;
+ goto err_crypto_info;
+ }
break;
}
default:
--
2.7.4

Next message: Meng Xu: "mptfusion: holding wrong mutex due to iocnum mismatch"
Previous message: Johannes Berg: "Re: [PATCH] mac80211: aead api to reduce redundancy"
Next in thread: David Miller: "Re: [PATCH] net/tls: move version check after second userspace fetch"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]