gnutls/gnutls-3.8.0-ktls-Do-not-return-GNUTLS_E_INTERRUPTED-AGAIN-from-s.patch

From 21c386860f1973344872eec4e4dd68644b1b48aa Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Fri, 10 Mar 2023 11:15:19 +0000
Subject: [PATCH] ktls: Do not return GNUTLS_E_INTERRUPTED/AGAIN from short
 writes

If sendmsg returns a short write, we end up going around the loop with
data_to_send being smaller.  However if sendmsg then returns -EAGAIN
or -EINTR then we return an error.  But we have "forgotten" that we
already sent some data.

This causes the caller to retry gnutls_record_send with the full
buffer (ie. with a buffer that has already been partially sent),
causing desynchronization.

Instead check if we sent some data in this case and return the number
of bytes sent.

Fixes: https://gitlab.com/gnutls/gnutls/-/issues/1470
Thanks: Dan Berrange for suggesting a fix
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
---
 lib/system/ktls.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/lib/system/ktls.c b/lib/system/ktls.c
index fd57a9c30..bb59fab7c 100644
--- a/lib/system/ktls.c
+++ b/lib/system/ktls.c
@@ -604,9 +604,17 @@ int _gnutls_ktls_send_control_msg(gnutls_session_t session,
 		if (ret == -1) {
 			switch (errno) {
 			case EINTR:
-				return GNUTLS_E_INTERRUPTED;
+				if (data_to_send < data_size) {
+					return data_size - data_to_send;
+				} else {
+					return GNUTLS_E_INTERRUPTED;
+				}
 			case EAGAIN:
-				return GNUTLS_E_AGAIN;
+				if (data_to_send < data_size) {
+					return data_size - data_to_send;
+				} else {
+					return GNUTLS_E_AGAIN;
+				}
 			default:
 				return GNUTLS_E_PUSH_ERROR;
 			}
-- 
2.39.2
Fix desychronisation with kTLS: https://gitlab.com/gnutls/gnutls/-/issues/1470 2023-03-11 07:32:46 +00:00			`From 21c386860f1973344872eec4e4dd68644b1b48aa Mon Sep 17 00:00:00 2001`
			`From: "Richard W.M. Jones" <rjones@redhat.com>`
			`Date: Fri, 10 Mar 2023 11:15:19 +0000`
			`Subject: [PATCH] ktls: Do not return GNUTLS_E_INTERRUPTED/AGAIN from short`
			`writes`

			`If sendmsg returns a short write, we end up going around the loop with`
			`data_to_send being smaller. However if sendmsg then returns -EAGAIN`
			`or -EINTR then we return an error. But we have "forgotten" that we`
			`already sent some data.`

			`This causes the caller to retry gnutls_record_send with the full`
			`buffer (ie. with a buffer that has already been partially sent),`
			`causing desynchronization.`

			`Instead check if we sent some data in this case and return the number`
			`of bytes sent.`

			`Fixes: https://gitlab.com/gnutls/gnutls/-/issues/1470`
			`Thanks: Dan Berrange for suggesting a fix`
			`Signed-off-by: Richard W.M. Jones <rjones@redhat.com>`
			`---`
			`lib/system/ktls.c \| 12 ++++++++++--`
			`1 file changed, 10 insertions(+), 2 deletions(-)`

			`diff --git a/lib/system/ktls.c b/lib/system/ktls.c`
			`index fd57a9c30..bb59fab7c 100644`
			`--- a/lib/system/ktls.c`
			`+++ b/lib/system/ktls.c`
			`@@ -604,9 +604,17 @@ int _gnutls_ktls_send_control_msg(gnutls_session_t session,`
			`if (ret == -1) {`
			`switch (errno) {`
			`case EINTR:`
			`- return GNUTLS_E_INTERRUPTED;`
			`+ if (data_to_send < data_size) {`
			`+ return data_size - data_to_send;`
			`+ } else {`
			`+ return GNUTLS_E_INTERRUPTED;`
			`+ }`
			`case EAGAIN:`
			`- return GNUTLS_E_AGAIN;`
			`+ if (data_to_send < data_size) {`
			`+ return data_size - data_to_send;`
			`+ } else {`
			`+ return GNUTLS_E_AGAIN;`
			`+ }`
			`default:`
			`return GNUTLS_E_PUSH_ERROR;`
			`}`
			`--`
			`2.39.2`