HomeFreeBSD
Diffusion FreeBSD src repository 5de79eeddb9d

ktls: Disallow transmitting empty frames outside of TLS 1.0/CBC mode
5de79eeddb9d
Actions

Description

ktls: Disallow transmitting empty frames outside of TLS 1.0/CBC mode

There was nothing preventing one from sending an empty fragment on an
arbitrary KTLS TX-enabled socket, but ktls_frame() asserts that this
could not happen. Though the transmit path handles this case for TLS
1.0 with AES-CBC, we should be strict and allow empty fragments only in
modes where it is explicitly allowed.

Modify sosend_generic() to reject writes to a KTLS-enabled socket if the
number of data bytes is zero, so that userspace cannot trigger the
aforementioned assertion.

Add regression tests to exercise this case.

Reported by: syzkaller
Reviewed by: gallatin, jhb
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34195

Details

Provenance
markjAuthored on Feb 8 2022, 5:36 PM
Reviewer
gallatin
Differential Revision
D34195: ktls: Disallow transmitting empty frames outside of TLS 1.0/CBC mode
Parents
rG300cfb96fc22: file: Make fget*() and getvnode*() consistent about initializing *fpp
Branches
Unknown
Tags
Unknown

Changes (4)

PathSize
sys/
kern/
sys/
tests/
sys/
kern/

rG5de79eeddb9d

View Options

sys/kern/uipc_ktls.c

Loading...
View Options

sys/kern/uipc_socket.c

Loading...
View Options

sys/sys/ktls.h

Loading...
View Options

tests/sys/kern/ktls_test.c

Loading...