MIRRORS/linux-yocto
1
0
Fork 0
mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-10-22 23:13:01 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
7a6c2d093c
linux-yocto/net/tls
History
Jiayuan Chen 73fc5d0400 bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls 
[ Upstream commit 178f6a5c8c ]

When sending plaintext data, we initially calculated the corresponding
ciphertext length. However, if we later reduced the plaintext data length
via socket policy, we failed to recalculate the ciphertext length.

This results in transmitting buffers containing uninitialized data during
ciphertext transmission.

This causes uninitialized bytes to be appended after a complete
"Application Data" packet, leading to errors on the receiving end when
parsing TLS record.

Fixes: d3b18ad31f ("tls: add bpf support to sk_msg handling")
Reported-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Jiayuan Chen <jiayuan.chen@linux.dev>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: John Fastabend <john.fastabend@gmail.com>
Acked-by: Jakub Kicinski <kuba@kernel.org>
Link: https://lore.kernel.org/bpf/20250609020910.397930-2-jiayuan.chen@linux.dev
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-08-28 16:24:07 +02:00
..
Kconfig
Makefile
tls_device_fallback.c
tls_device.c tls: hw: rx: use return value of tls_device_decrypted() to carry status 2024-03-06 14:38:47 +00:00
tls_main.c net: tls: explicitly disallow disconnect 2025-05-02 07:43:52 +02:00
tls_proc.c
tls_sw.c bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls 2025-08-28 16:24:07 +02:00
tls_toe.c
trace.c
trace.h