kernel / kernel-source

Clone
Source Code
GIT

Files

  1.   a07f7ac44cacae01a70ddaee4b6440c9e8a59054
  2.   patches.suse
  3.   net-tls-avoid-NULL-pointer-deref-on-nskb-sk-in-fallb.patch
Blob Blame History Raw 
From: Jakub Kicinski <jakub.kicinski@netronome.com>
Date: Mon, 29 Apr 2019 12:19:12 -0700
Subject: net/tls: avoid NULL pointer deref on nskb->sk in fallback
Patch-mainline: v5.1
Git-commit: 2dcb003314032c6efb13a065ffae60d164b2dd35
References: bsc#1109837

update_chksum() accesses nskb->sk before it has been set
by complete_skb(), move the init up.

Fixes: e8f69799810c ("net/tls: Add generic NIC offload infrastructure")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Acked-by: Thomas Bogendoerfer <tbogendoerfer@suse.de>
---
 net/tls/tls_device_fallback.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/net/tls/tls_device_fallback.c
+++ b/net/tls/tls_device_fallback.c
@@ -200,12 +200,14 @@ static void complete_skb(struct sk_buff
 
 	skb_put(nskb, skb->len);
 	memcpy(nskb->data, skb->data, headln);
-	update_chksum(nskb, headln);
 
 	nskb->destructor = skb->destructor;
 	nskb->sk = sk;
 	skb->destructor = NULL;
 	skb->sk = NULL;
+
+	update_chksum(nskb, headln);
+
 	delta = nskb->truesize - skb->truesize;
 	if (likely(delta < 0))
 		WARN_ON_ONCE(atomic_sub_and_test(-delta, &sk->sk_wmem_alloc));
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.