diff options
| author | Sabrina Dubroca <[email protected]> | 2025-01-09 22:30:54 +0000 |
|---|---|---|
| committer | Jakub Kicinski <[email protected]> | 2025-01-11 02:34:45 +0000 |
| commit | 06cc8786516f65bf0171402bfc2a4db6818b380b (patch) | |
| tree | 8d1d76cb5df2325dc5f7c135e37659eae2e651f1 /net/tls/tls_main.c | |
| parent | net: ethtool: Use hwprov under rcu_read_lock (diff) | |
| download | kernel-06cc8786516f65bf0171402bfc2a4db6818b380b.tar.gz kernel-06cc8786516f65bf0171402bfc2a4db6818b380b.zip | |
tls: skip setting sk_write_space on rekey
syzbot reported a problem when calling setsockopt(SO_SNDBUF) after a
rekey. SO_SNDBUF calls sk_write_space, ie tls_write_space, which then
calls the original socket's sk_write_space, saved in
ctx->sk_write_space. Rekeys should skip re-assigning
ctx->sk_write_space, so we don't end up with tls_write_space calling
itself.
Fixes: 47069594e67e ("tls: implement rekey for TLS1.3")
Reported-by: [email protected]
Closes: https://lore.kernel.org/netdev/[email protected]/
Tested-by: [email protected]
Signed-off-by: Sabrina Dubroca <[email protected]>
Link: https://patch.msgid.link/ffdbe4de691d1c1eead556bbf42e33ae215304a7.1736436785.git.sd@queasysnail.net
Signed-off-by: Jakub Kicinski <[email protected]>
Diffstat (limited to 'net/tls/tls_main.c')
| -rw-r--r-- | net/tls/tls_main.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 9ee5a83c5b40..99ca4465f702 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -737,6 +737,10 @@ static int do_tls_setsockopt_conf(struct sock *sk, sockptr_t optval, else ctx->rx_conf = conf; update_sk_prot(sk, ctx); + + if (update) + return 0; + if (tx) { ctx->sk_write_space = sk->sk_write_space; sk->sk_write_space = tls_write_space; |