diff options
author | Jakub Kicinski <jakub.kicinski@netronome.com> | 2019-04-08 17:59:50 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2019-04-10 22:42:28 -0700 |
commit | b4f47f3848eb70986f75d06112af7b48b7f5f462 (patch) | |
tree | 5d92ea30690481c584bb4aa40246f02e592dd50f /include | |
parent | 8065a779f17e94536a1c4dcee4f9d88011672f97 (diff) | |
download | linux-b4f47f3848eb70986f75d06112af7b48b7f5f462.tar.bz2 |
net/tls: prevent bad memory access in tls_is_sk_tx_device_offloaded()
Unlike '&&' operator, the '&' does not have short-circuit
evaluation semantics. IOW both sides of the operator always
get evaluated. Fix the wrong operator in
tls_is_sk_tx_device_offloaded(), which would lead to
out-of-bounds access for for non-full sockets.
Fixes: 4799ac81e52a ("tls: Add rx inline crypto offload")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r-- | include/net/tls.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/net/tls.h b/include/net/tls.h index c7f7dc344e73..5934246b2c6f 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -381,7 +381,7 @@ tls_validate_xmit_skb(struct sock *sk, struct net_device *dev, static inline bool tls_is_sk_tx_device_offloaded(struct sock *sk) { #ifdef CONFIG_SOCK_VALIDATE_XMIT - return sk_fullsock(sk) & + return sk_fullsock(sk) && (smp_load_acquire(&sk->sk_validate_xmit_skb) == &tls_validate_xmit_skb); #else |