Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 30 Jun 2026 18:26:51 +0000
From:      John Baldwin <jhb@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 1756d1cab3ce - main - ktls CBC decrypt: Avoid creating zero length iovec entries
Message-ID:  <6a440a6b.1d883.60b376ff@gitrepo.freebsd.org>

index | next in thread | raw e-mail

The branch main has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=1756d1cab3ce28085eec94a45c557e1af265ccd0

commit 1756d1cab3ce28085eec94a45c557e1af265ccd0
Author:     John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2026-06-30 18:11:29 +0000
Commit:     John Baldwin <jhb@FreeBSD.org>
CommitDate: 2026-06-30 18:11:29 +0000

    ktls CBC decrypt: Avoid creating zero length iovec entries
    
    If an mbuf's length in the chain for an encrypted TLS record exactly
    matches the remaining length of header bytes to skip, skip the mbuf
    entirely rather than adding a zero-length iovec entry.
    
    Sponsored by:   Chelsio Communications
---
 sys/opencrypto/ktls_ocf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/opencrypto/ktls_ocf.c b/sys/opencrypto/ktls_ocf.c
index 87cbf0bd3311..81e130258747 100644
--- a/sys/opencrypto/ktls_ocf.c
+++ b/sys/opencrypto/ktls_ocf.c
@@ -500,7 +500,7 @@ ktls_ocf_tls_cbc_decrypt(struct ktls_session *tls,
 	iov[0].iov_len = sizeof(ad);
 	skip = sizeof(*hdr) + AES_BLOCK_LEN;
 	for (i = 1, n = m; n != NULL; n = n->m_next) {
-		if (n->m_len < skip) {
+		if (n->m_len <= skip) {
 			skip -= n->m_len;
 			continue;
 		}


home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a440a6b.1d883.60b376ff>