Hello Atul Gupta,

The patch a08943947873: "crypto: chtls - Register chtls with net tls"
from Mar 31, 2018, leads to the following static checker warning:

        drivers/crypto/chelsio/chtls/chtls_main.c:447 do_chtls_getsockopt()
        warn: check that 'crypto_info.cipher_type' doesn't leak information

drivers/crypto/chelsio/chtls/chtls_main.c
   441  static int do_chtls_getsockopt(struct sock *sk, char __user *optval,
   442                                 int __user *optlen)
   443  {
   444          struct tls_crypto_info crypto_info;
   445  
   446          crypto_info.version = TLS_1_2_VERSION;
   447          if (copy_to_user(optval, &crypto_info, sizeof(struct 
tls_crypto_info)))
   448                  return -EFAULT;

It is an info leak, but perhaps instead of just zeroing it out we could
set crypto_info.cipher_type to something meaningful?

   449          return 0;
   450  }

regards,
dan carpenter

Reply via email to