diff options
author | Vakul Garg <vakul.garg@nxp.com> | 2018-12-21 16:16:52 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2018-12-21 19:26:54 +0100 |
commit | 65a10e28aee72903a41670170cd5330ad73c490e (patch) | |
tree | 2d84674e27f79bdc7cabcfb63167db3edf892b72 /net/tls | |
parent | ipv6: tunnels: fix two use-after-free (diff) | |
download | linux-65a10e28aee72903a41670170cd5330ad73c490e.tar.xz linux-65a10e28aee72903a41670170cd5330ad73c490e.zip |
tls: Do not call sk_memcopy_from_iter with zero length
In some conditions e.g. when tls_clone_plaintext_msg() returns -ENOSPC,
the number of bytes to be copied using subsequent function
sk_msg_memcopy_from_iter() becomes zero. This causes function
sk_msg_memcopy_from_iter() to fail which in turn causes tls_sw_sendmsg()
to return failure. To prevent it, do not call sk_msg_memcopy_from_iter()
when number of bytes to copy (indicated by 'try_to_copy') is zero.
Fixes: d829e9c4112b ("tls: convert to generic sk_msg interface")
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/tls')
-rw-r--r-- | net/tls/tls_sw.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 7b1af8b59cd2..29b27858fff1 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -935,10 +935,12 @@ fallback_to_reg_send: tls_ctx->tx.overhead_size); } - ret = sk_msg_memcopy_from_iter(sk, &msg->msg_iter, msg_pl, - try_to_copy); - if (ret < 0) - goto trim_sgl; + if (try_to_copy) { + ret = sk_msg_memcopy_from_iter(sk, &msg->msg_iter, + msg_pl, try_to_copy); + if (ret < 0) + goto trim_sgl; + } /* Open records defined only if successfully copied, otherwise * we would trim the sg but not reset the open record frags. |