mirror of
https://github.com/opnsense/src.git
synced 2026-06-04 22:32:43 -04:00
ktls: Zero out TLS_GET_RECORD control messages
Otherwise we end up copying one uninitialized byte into the socket buffer. Reported by: KMSAN Reviewed by: jhb MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D33953
This commit is contained in:
Mark Johnston
parent
d91d2b513e
commit
6be8944d96
2 changed files with 2 additions and 0 deletions
|
|
@ -1052,6 +1052,7 @@ do_rx_tls_cmp(struct sge_iq *iq, const struct rss_header *rss, struct mbuf *m)
|
|||
|
||||
tgr = (struct tls_get_record *)
|
||||
CMSG_DATA(mtod(control, struct cmsghdr *));
|
||||
memset(tgr, 0, sizeof(*tgr));
|
||||
tgr->tls_type = tls_hdr_pkt->type;
|
||||
tgr->tls_vmajor = be16toh(tls_hdr_pkt->version) >> 8;
|
||||
tgr->tls_vminor = be16toh(tls_hdr_pkt->version) & 0xff;
|
||||
|
|
|
|||
|
|
@ -2066,6 +2066,7 @@ ktls_decrypt(struct socket *so)
|
|||
}
|
||||
|
||||
/* Allocate the control mbuf. */
|
||||
memset(&tgr, 0, sizeof(tgr));
|
||||
tgr.tls_type = record_type;
|
||||
tgr.tls_vmajor = hdr->tls_vmajor;
|
||||
tgr.tls_vminor = hdr->tls_vminor;
|
||||
|
|
|
|||
Loading…
Reference in a new issue