d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
5de79eeddb
freebsd-dev/tests/sys
History
Mark Johnston 5de79eeddb ktls: Disallow transmitting empty frames outside of TLS 1.0/CBC mode 
There was nothing preventing one from sending an empty fragment on an
arbitrary KTLS TX-enabled socket, but ktls_frame() asserts that this
could not happen.  Though the transmit path handles this case for TLS
1.0 with AES-CBC, we should be strict and allow empty fragments only in
modes where it is explicitly allowed.

Modify sosend_generic() to reject writes to a KTLS-enabled socket if the
number of data bytes is zero, so that userspace cannot trigger the
aforementioned assertion.

Add regression tests to exercise this case.

Reported by:	syzkaller
Reviewed by:	gallatin, jhb
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D34195
2022-02-08 12:40:41 -05:00
..
acl tests/sys/acl: Add ATF C test for newly added acl_* functions. 2021-08-27 11:52:21 +03:00
aio Temporarily skip flaky tset cases under sys.aio.aio_test in CI 2021-09-29 03:32:47 +08:00
audit swapon(8): adapt to the new swapoff(2) interface 2021-12-09 02:48:59 +02:00
auditpipe
capsicum Fix MK_TESTS build with MK_ASAN/MK_UBSAN 2021-08-02 14:33:24 +01:00
cddl
common tests/net*: destroy interface from inside a jail 2022-01-24 21:08:03 -08:00
devrandom
fifo
file vfs: Permit unix sockets to be opened with O_PATH 2021-09-17 14:19:06 -04:00
fs Explicitly include semaphore.h for struct _sem in fusefs setattr test 2022-02-06 17:07:28 +01:00
geom gmultipath tests: Re-enable the failloop test in CI 2021-10-04 12:28:27 -04:00
kern ktls: Disallow transmitting empty frames outside of TLS 1.0/CBC mode 2022-02-08 12:40:41 -05:00
kqueue fifos: delegate unhandled kqueue filters to underlying filesystem 2021-10-12 02:43:07 -05:00
mac
mqueue
net tests/sys/net/routing: remove bandaid against old epair(4) panic 2022-01-26 21:58:43 -08:00
netgraph Remove riscv workaround in sys.netgraph.hub.loop test 2021-12-05 11:12:40 -04:00
netinet tests/netinet: add test for IPv6 NS and CARP 2022-01-24 21:02:47 -08:00
netinet6 ndp tests: fix cleanup 2021-12-13 18:14:59 +01:00
netipsec
netmap netmap: update unit tests with libnetmap tests 2021-04-02 14:39:30 +00:00
netpfil pf tests: Only do post-test logging when specifically enabled 2022-02-05 10:31:51 +01:00
opencrypto ossl: Add support for AES-CBC cipher 2021-11-08 10:53:31 +01:00
pjdfstest
posixshm posixshm tests: Fix occasional largepage_mprotect failures 2022-01-03 13:00:50 -05:00
ses tests/sys/ses: Use ANSI C definition for has_ses. 2022-02-01 13:25:47 -08:00
sys vm_reserv: use enhanced bitstring for popmaps 2022-01-12 11:03:53 -06:00
vfs
vm shared shadow vm object invalidation regression test 2021-04-07 12:39:05 -07:00
vmm vmm: Add credential to cdev object 2021-08-18 13:41:33 -04:00
Makefile Add tests for ses(4) 2022-01-19 12:43:51 -07:00
Makefile.depend
Makefile.inc