Fix desychronisation with kTLS:
https://gitlab.com/gnutls/gnutls/-/issues/1470
This commit is contained in:
Richard W.M. Jones
parent
e361bb292d
commit
e99bcaff78
@ -0,0 +1,52 @@
|
||||
From 21c386860f1973344872eec4e4dd68644b1b48aa Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Fri, 10 Mar 2023 11:15:19 +0000
|
||||
Subject: [PATCH] ktls: Do not return GNUTLS_E_INTERRUPTED/AGAIN from short
|
||||
writes
|
||||
|
||||
If sendmsg returns a short write, we end up going around the loop with
|
||||
data_to_send being smaller. However if sendmsg then returns -EAGAIN
|
||||
or -EINTR then we return an error. But we have "forgotten" that we
|
||||
already sent some data.
|
||||
|
||||
This causes the caller to retry gnutls_record_send with the full
|
||||
buffer (ie. with a buffer that has already been partially sent),
|
||||
causing desynchronization.
|
||||
|
||||
Instead check if we sent some data in this case and return the number
|
||||
of bytes sent.
|
||||
|
||||
Fixes: https://gitlab.com/gnutls/gnutls/-/issues/1470
|
||||
Thanks: Dan Berrange for suggesting a fix
|
||||
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
|
||||
---
|
||||
lib/system/ktls.c | 12 ++++++++++--
|
||||
1 file changed, 10 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/lib/system/ktls.c b/lib/system/ktls.c
|
||||
index fd57a9c30..bb59fab7c 100644
|
||||
--- a/lib/system/ktls.c
|
||||
+++ b/lib/system/ktls.c
|
||||
@@ -604,9 +604,17 @@ int _gnutls_ktls_send_control_msg(gnutls_session_t session,
|
||||
if (ret == -1) {
|
||||
switch (errno) {
|
||||
case EINTR:
|
||||
- return GNUTLS_E_INTERRUPTED;
|
||||
+ if (data_to_send < data_size) {
|
||||
+ return data_size - data_to_send;
|
||||
+ } else {
|
||||
+ return GNUTLS_E_INTERRUPTED;
|
||||
+ }
|
||||
case EAGAIN:
|
||||
- return GNUTLS_E_AGAIN;
|
||||
+ if (data_to_send < data_size) {
|
||||
+ return data_size - data_to_send;
|
||||
+ } else {
|
||||
+ return GNUTLS_E_AGAIN;
|
||||
+ }
|
||||
default:
|
||||
return GNUTLS_E_PUSH_ERROR;
|
||||
}
|
||||
--
|
||||
2.39.2
|
||||
|
||||
@ -29,6 +29,10 @@ Patch: gnutls-3.7.8-ktls_disable_keyupdate_test.patch
|
||||
# follow https://gitlab.com/gnutls/gnutls/-/issues/1443
|
||||
Patch: gnutls-3.7.8-ktls_skip_tls12_chachapoly_test.patch
|
||||
|
||||
# Fix desychronisation with kTLS:
|
||||
# https://gitlab.com/gnutls/gnutls/-/issues/1470
|
||||
Patch: gnutls-3.8.0-ktls-Do-not-return-GNUTLS_E_INTERRUPTED-AGAIN-from-s.patch
|
||||
|
||||
%bcond_without bootstrap
|
||||
%bcond_without dane
|
||||
%bcond_without fips
|
||||
|
||||
Loading…
Reference in New Issue
Block a user