Date: Tue, 30 Jun 2026 18:26:51 +0000 From: John Baldwin <jhb@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 1756d1cab3ce - main - ktls CBC decrypt: Avoid creating zero length iovec entries Message-ID: <6a440a6b.1d883.60b376ff@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=1756d1cab3ce28085eec94a45c557e1af265ccd0 commit 1756d1cab3ce28085eec94a45c557e1af265ccd0 Author: John Baldwin <jhb@FreeBSD.org> AuthorDate: 2026-06-30 18:11:29 +0000 Commit: John Baldwin <jhb@FreeBSD.org> CommitDate: 2026-06-30 18:11:29 +0000 ktls CBC decrypt: Avoid creating zero length iovec entries If an mbuf's length in the chain for an encrypted TLS record exactly matches the remaining length of header bytes to skip, skip the mbuf entirely rather than adding a zero-length iovec entry. Sponsored by: Chelsio Communications --- sys/opencrypto/ktls_ocf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/opencrypto/ktls_ocf.c b/sys/opencrypto/ktls_ocf.c index 87cbf0bd3311..81e130258747 100644 --- a/sys/opencrypto/ktls_ocf.c +++ b/sys/opencrypto/ktls_ocf.c @@ -500,7 +500,7 @@ ktls_ocf_tls_cbc_decrypt(struct ktls_session *tls, iov[0].iov_len = sizeof(ad); skip = sizeof(*hdr) + AES_BLOCK_LEN; for (i = 1, n = m; n != NULL; n = n->m_next) { - if (n->m_len < skip) { + if (n->m_len <= skip) { skip -= n->m_len; continue; }home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a440a6b.1d883.60b376ff>
