upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-28 04:12:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/sys
History
Mark Johnston e3b852f99b ktls: Disallow transmitting empty frames outside of TLS 1.0/CBC mode 
There was nothing preventing one from sending an empty fragment on an
arbitrary KTLS TX-enabled socket, but ktls_frame() asserts that this
could not happen.  Though the transmit path handles this case for TLS
1.0 with AES-CBC, we should be strict and allow empty fragments only in
modes where it is explicitly allowed.

Modify sosend_generic() to reject writes to a KTLS-enabled socket if the
number of data bytes is zero, so that userspace cannot trigger the
aforementioned assertion.

Add regression tests to exercise this case.

Reported by:	syzkaller
Reviewed by:	gallatin, jhb
Sponsored by:	The FreeBSD Foundation

(cherry picked from commit 5de79eeddb)
2022-02-16 11:52:31 -05:00
..
amd64 x86 atomic.h: remove obsoleted comment 2022-02-11 12:52:55 +02:00
arm sched: separate out schedinit_ap() 2022-02-10 14:55:29 -06:00
arm64 sched: separate out schedinit_ap() 2022-02-10 14:55:29 -06:00
bsm Add aio_writev and aio_readv 2021-01-02 19:57:58 -07:00
cam CTL: Fix mode page trucation on HA synchronization. 2022-02-10 19:47:23 -05:00
cddl sys/cddl: remove extraneous semicolons 2022-02-08 15:04:31 -05:00
compat Remove "All Rights Reserved" from FreeBSD Foundation sys/ copyrights 2022-02-08 15:00:55 -05:00
conf Disable clang 14 warning about bitwise operators in zstd 2022-02-11 17:42:30 +01:00
contrib ngatm: remove one of doubled semicolons 2022-02-12 14:14:41 -05:00
crypto Remove "All Rights Reserved" from FreeBSD Foundation sys/ copyrights 2022-02-08 15:00:55 -05:00
ddb ddb: reliably fail with ambiguous commands 2021-07-02 14:13:24 -07:00
dev snd_hda: Add some ATI HDMI codec IDs. 2022-02-15 19:46:12 -05:00
dts add overlay for enabling i2c1 on allwinner h3 2022-02-09 11:35:59 +02:00
fs nfsd: Reply NFSERR_SEQMISORDERED for bogus seqid argument 2022-02-15 17:02:28 -08:00
gdb gdb(4): Do not use run length encoding for 3-symbol repetitions 2022-02-04 20:58:34 -05:00
geom In GEOM debugging output, show consumer for cloned and duplicated bio's. 2022-02-15 16:27:55 -08:00
gnu Remove the old dts imported tree. 2021-01-15 20:09:55 +01:00
i386 Remove device lio from i386's LINT-NOIP 2022-02-11 17:43:11 +01:00
isa Remove more remnants of sio(4) 2021-04-14 09:19:49 -04:00
kern ktls: Disallow transmitting empty frames outside of TLS 1.0/CBC mode 2022-02-16 11:52:31 -05:00
kgssapi State kgssapi dependency on xdr. 2020-09-17 22:29:38 +00:00
libkern Remove "All Rights Reserved" from FreeBSD Foundation sys/ copyrights 2022-02-08 15:00:55 -05:00
mips sched: separate out schedinit_ap() 2022-02-10 14:55:29 -06:00
modules mgb: Connect if_mgb module to the build 2022-02-12 14:13:50 -05:00
net netmap: fix LOR in iflib_netmap_register 2022-02-13 10:19:26 +00:00
net80211 Remove "All Rights Reserved" from FreeBSD Foundation sys/ copyrights 2022-02-08 15:00:55 -05:00
netgraph ng pppoe(4): Add the required NET_EPOCH section to the hook 2022-02-13 15:05:45 +03:00
netinet Fix a memory leak when ip_output_send() returns EAGAIN due to send tag issues 2022-02-10 15:39:22 -05:00
netinet6 Fix a memory leak when ip_output_send() returns EAGAIN due to send tag issues 2022-02-10 15:39:22 -05:00
netipsec syncache: accept packet with no SA when TCP_MD5SIG is set 2022-02-10 10:31:33 -09:00
netpfil pf: Initialize pf_kpool mutexes earlier 2022-02-07 09:10:16 -05:00
netsmb netsmb: Avoid a read-after-free in smb_t2_request_int() 2021-06-02 09:34:47 -04:00
nfs nfs: don't truncate directory cookies to 32-bits in the NFS server 2022-01-02 20:09:15 -07:00
nfsclient nfs: clean up empty lines in .c and .h files 2020-09-01 21:25:39 +00:00
nfsserver nfs: Mark unused statistics variable as reserved 2020-11-18 04:35:49 +00:00
nlm nlm: clean up empty lines in .c and .h files 2020-09-01 22:14:52 +00:00
ofed socket: Rename sb(un)lock() and interlock with listen(2) 2021-10-07 09:56:47 -04:00
opencrypto Remove "All Rights Reserved" from FreeBSD Foundation sys/ copyrights 2022-02-08 15:00:55 -05:00
powerpc sched: separate out schedinit_ap() 2022-02-10 14:55:29 -06:00
riscv sched: separate out schedinit_ap() 2022-02-10 14:55:29 -06:00
rpc rpc: Delete AUTH_NEEDS_TLS(_MUTUAL_HOST) auth_stat values 2021-12-29 17:23:30 -08:00
security Thread creation privilege for realtime group 2021-12-19 04:42:52 +02:00
sys ktls: Disallow transmitting empty frames outside of TLS 1.0/CBC mode 2022-02-16 11:52:31 -05:00
teken loader: implement framebuffer console 2021-01-02 21:41:36 +02:00
tests routing: add IPv6 fib validation procedure. 2021-09-07 21:02:58 +00:00
tools Remove "All Rights Reserved" from FreeBSD Foundation sys/ copyrights 2022-02-08 15:00:55 -05:00
ufs ufs: handle LoR between snap lock and vnode lock 2022-02-15 16:01:23 -08:00
vm Revert "vm_pageout_scans: correct detection of active object" 2022-02-10 16:56:15 +02:00
x86 Use CPUID leaf 0x40000010 for local APIC freq 2022-02-10 22:52:00 -08:00
xdr xdr: clean up empty lines in .c and .h files 2020-09-01 22:13:28 +00:00
xen xen(4): Fix a common typo in a source code comments 2022-02-09 07:20:31 +01:00
Makefile