rpms/gnutls
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix desychronisation with kTLS:

Browse Source 
https://gitlab.com/gnutls/gnutls/-/issues/1470
This commit is contained in:
Richard W.M. Jones 2023-03-11 07:32:46 +00:00
parent e361bb292d
commit e99bcaff78
2 changed files with 56 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
gnutls-3.8.0-ktls-Do-not-return-GNUTLS_E_INTERRUPTED-AGAIN-from-s.patch Normal file
View File

@ -0,0 +1,52 @@
From 21c386860f1973344872eec4e4dd68644b1b48aa Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Fri, 10 Mar 2023 11:15:19 +0000
Subject: [PATCH] ktls: Do not return GNUTLS_E_INTERRUPTED/AGAIN from short
writes
If sendmsg returns a short write, we end up going around the loop with
data_to_send being smaller. However if sendmsg then returns -EAGAIN
or -EINTR then we return an error. But we have "forgotten" that we
already sent some data.
This causes the caller to retry gnutls_record_send with the full
buffer (ie. with a buffer that has already been partially sent),
causing desynchronization.
Instead check if we sent some data in this case and return the number
of bytes sent.
Fixes: https://gitlab.com/gnutls/gnutls/-/issues/1470
Thanks: Dan Berrange for suggesting a fix
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
---
lib/system/ktls.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/lib/system/ktls.c b/lib/system/ktls.c
index fd57a9c30..bb59fab7c 100644
--- a/lib/system/ktls.c
+++ b/lib/system/ktls.c
@@ -604,9 +604,17 @@ int _gnutls_ktls_send_control_msg(gnutls_session_t session,
if (ret == -1) {
switch (errno) {
case EINTR:
- return GNUTLS_E_INTERRUPTED;
+ if (data_to_send < data_size) {
+ return data_size - data_to_send;
+ } else {
+ return GNUTLS_E_INTERRUPTED;
+ }
case EAGAIN:
- return GNUTLS_E_AGAIN;
+ if (data_to_send < data_size) {
+ return data_size - data_to_send;
+ } else {
+ return GNUTLS_E_AGAIN;
+ }
default:
return GNUTLS_E_PUSH_ERROR;
}
--
2.39.2

4
gnutls.spec
View File

@ -29,6 +29,10 @@ Patch: gnutls-3.7.8-ktls_disable_keyupdate_test.patch
# follow https://gitlab.com/gnutls/gnutls/-/issues/1443 # follow https://gitlab.com/gnutls/gnutls/-/issues/1443
Patch: gnutls-3.7.8-ktls_skip_tls12_chachapoly_test.patch Patch: gnutls-3.7.8-ktls_skip_tls12_chachapoly_test.patch
# Fix desychronisation with kTLS:
# https://gitlab.com/gnutls/gnutls/-/issues/1470
Patch: gnutls-3.8.0-ktls-Do-not-return-GNUTLS_E_INTERRUPTED-AGAIN-from-s.patch
%bcond_without bootstrap %bcond_without bootstrap
%bcond_without dane %bcond_without dane
%bcond_without fips %bcond_without fips