Re: [PATCH] net: tls: fix possible info leak in tls_set_device_offload()

From: Sabrina Dubroca
Date: Thu Feb 23 2023 - 06:17:20 EST


2023-02-23, 17:05:08 +0800, Hangyu Hua wrote:
> After tls_set_device_offload() fails, we enter tls_set_sw_offload(). But
> tls_set_sw_offload can't set cctx->iv and cctx->rec_seq to NULL if it fails
> before kmalloc cctx->iv. This may cause an info leak when we call
> do_tls_getsockopt_conf().

Is there really an issue here?

If both tls_set_device_offload and tls_set_sw_offload fail,
do_tls_setsockopt_conf will clear crypto_{send,recv} from the context.
Then the TLS_CRYPTO_INFO_READY in do_tls_getsockopt_conf will fail, so
we won't try to access iv or rec_seq.

--
Sabrina