git: b7806e7bae20 - stable/13 - ktls: Zero out TLS_GET_RECORD control messages
Date: Tue, 19 Jul 2022 14:09:29 UTC
The branch stable/13 has been updated by markj:
URL: https://cgit.FreeBSD.org/src/commit/?id=b7806e7bae20553d479bc96fdfe7ae735072b9bd
commit b7806e7bae20553d479bc96fdfe7ae735072b9bd
Author: Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2022-01-20 20:42:46 +0000
Commit: Mark Johnston <markj@FreeBSD.org>
CommitDate: 2022-07-19 13:53:41 +0000
ktls: Zero out TLS_GET_RECORD control messages
Otherwise we end up copying one uninitialized byte into the socket
buffer.
Reported by: KMSAN
Reviewed by: jhb
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 6be8944d96d2cb5938b69c63b483efa616eafb56)
---
sys/dev/cxgbe/tom/t4_tls.c | 1 +
sys/kern/uipc_ktls.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/sys/dev/cxgbe/tom/t4_tls.c b/sys/dev/cxgbe/tom/t4_tls.c
index fdd6d43c796b..97bf3a016fb2 100644
--- a/sys/dev/cxgbe/tom/t4_tls.c
+++ b/sys/dev/cxgbe/tom/t4_tls.c
@@ -2157,6 +2157,7 @@ do_rx_tls_cmp(struct sge_iq *iq, const struct rss_header *rss, struct mbuf *m)
tgr = (struct tls_get_record *)
CMSG_DATA(mtod(control, struct cmsghdr *));
+ memset(tgr, 0, sizeof(*tgr));
tgr->tls_type = tls_hdr_pkt->type;
tgr->tls_vmajor = be16toh(tls_hdr_pkt->version) >> 8;
tgr->tls_vminor = be16toh(tls_hdr_pkt->version) & 0xff;
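Review bot: The added `memset(tgr, 0, sizeof(*tgr));` carries no comment saying why it is needed, and because the following lines assign the record's fields one by one it reads as redundant and could be dropped in a later cleanup. The commit message says one byte of the record was otherwise copied uninitialized into the socket buffer, presumably padding in `struct tls_get_record`. A short comment such as `/* Zero padding too; the whole record is copied into the socket buffer. */` would keep that reasoning next to the code. The same applies to the `memset(&tgr, 0, sizeof(tgr));` added in ktls_decrypt() in sys/kern/uipc_ktls.c. do_rx_tls_cmp() starts and ends outside this hunk, so the control mbuf allocation and any further field assignments are not visible here.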
diff --git a/sys/kern/uipc_ktls.c b/sys/kern/uipc_ktls.c
index f6190e24a6b2..f60d5e0948d0 100644
--- a/sys/kern/uipc_ktls.c
+++ b/sys/kern/uipc_ktls.c
@@ -1986,6 +1986,7 @@ ktls_decrypt(struct socket *so)
}
/* Allocate the control mbuf. */
+ memset(&tgr, 0, sizeof(tgr));
tgr.tls_type = record_type;
tgr.tls_vmajor = hdr->tls_vmajor;
tgr.tls_vminor = hdr->tls_vminor;
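Review bot: The new `memset(&tgr, 0, sizeof(tgr));` sits directly under the existing `/* Allocate the control mbuf. */` comment, so that comment now heads a statement that allocates nothing. Moving the memset above the comment, or onto its own commented line ahead of it, would keep the comment attached to the allocation it describes. `tgr` appears to be a local here (it is accessed as `tgr.` and `&tgr`), in which case the byte left unset would have been stale kernel stack contents reaching the socket buffer. Its declaration and the rest of ktls_decrypt() are outside this hunk, so a check that no other path fills `tgr` without the memset has to be made against the full function.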