Commit 21d4585718 for openssl.org
commit 21d4585718a235a412115ca5c2dcdc2fe8932b61
Author: Joshua Rogers <MegaManSec@users.noreply.github.com>
Date: Sat Oct 11 14:19:28 2025 +0800
ktls_read_record(): Harden linux recv path
- drop tag subtraction in recv buffer sizing
- enforce MSG_EOR and reject MSG_CTRUNC
- zero prepended header bytes before recvmsg
Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28861)
diff --git a/include/internal/ktls.h b/include/internal/ktls.h
index 83f66b9dba..8c9b12cfe2 100644
--- a/include/internal/ktls.h
+++ b/include/internal/ktls.h
@@ -407,7 +407,7 @@ static ossl_inline int ktls_read_record(int fd, void *data, size_t length)
unsigned char *p = data;
const size_t prepend_length = SSL3_RT_HEADER_LENGTH;
- if (length < prepend_length + EVP_GCM_TLS_TAG_LEN) {
+ if (length < prepend_length) {
errno = EINVAL;
return -1;
}
@@ -417,17 +417,27 @@ static ossl_inline int ktls_read_record(int fd, void *data, size_t length)
msg.msg_controllen = sizeof(cmsgbuf.buf);
msg_iov.iov_base = p + prepend_length;
- msg_iov.iov_len = length - prepend_length - EVP_GCM_TLS_TAG_LEN;
+ msg_iov.iov_len = length - prepend_length;
msg.msg_iov = &msg_iov;
msg.msg_iovlen = 1;
+ memset(p, 0, prepend_length);
+
ret = recvmsg(fd, &msg, 0);
if (ret < 0)
return ret;
+ if ((msg.msg_flags & (MSG_EOR | MSG_CTRUNC)) != MSG_EOR) {
+ errno = EMSGSIZE;
+ return -1;
+ }
+
if (msg.msg_controllen > 0) {
cmsg = CMSG_FIRSTHDR(&msg);
- if (cmsg->cmsg_type == TLS_GET_RECORD_TYPE) {
+ if (cmsg != NULL
+ && cmsg->cmsg_level == SOL_TLS
+ && cmsg->cmsg_type == TLS_GET_RECORD_TYPE
+ && cmsg->cmsg_len >= CMSG_LEN(sizeof(unsigned char))) {
p[0] = *((unsigned char *)CMSG_DATA(cmsg));
p[1] = TLS1_2_VERSION_MAJOR;
p[2] = TLS1_2_VERSION_MINOR;