Open Source and information security mailing list archives
 
Date:   Thu,  1 Mar 2018 23:05:09 +0800
From:   Xin Long <lucien.xin@...il.com>
To:     network dev <netdev@...r.kernel.org>, linux-sctp@...r.kernel.org
Cc:     Marcelo Ricardo Leitner <marcelo.leitner@...il.com>,
        Neil Horman <nhorman@...driver.com>, davem@...emloft.net
Subject: [PATCH net-next 0/9] sctp: clean up sctp_sendmsg

This cleanup mostly does three things:

 - extract some code into functions to make sendmsg more readable.

 - tidy up some code to avoid unnecessary checks.

 - adjust some logic so that it will be easier to add the send flags
   and cmsgs features that I will post after this.

To make it easy to review and to check that the code is compatible with
the code before, this patchset does it step by step in 9 patches.

NOTE:
There will be a conflict when merging
commit 2277c7cd75e3 ("sctp: Add LSM hooks") from the selinux tree.
The solution is to:

1. remove all the lines in [B]:

    <<<<<<< HEAD
    [A]
    =======
    [B]
    >>>>>>> 2277c7c... sctp: Add LSM hooks

2. and apply the following diff-output:

diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 980621e..d6803c8 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -1686,6 +1686,7 @@ static int sctp_sendmsg_new_asoc(struct sock *sk, __u16 sflags,
 	struct net *net = sock_net(sk);
 	struct sctp_association *asoc;
 	enum sctp_scope scope;
+	struct sctp_af *af;
 	int err = -EINVAL;

 	*tp = NULL;
@@ -1711,6 +1712,22 @@ static int sctp_sendmsg_new_asoc(struct sock *sk, __u16 sflags,

 	scope = sctp_scope(daddr);

+	/* Label connection socket for first association 1-to-many
+	 * style for client sequence socket()->sendmsg(). This
+	 * needs to be done before sctp_assoc_add_peer() as that will
+	 * set up the initial packet that needs to account for any
+	 * security ip options (CIPSO/CALIPSO) added to the packet.
+	 */
+	af = sctp_get_af_specific(daddr->sa.sa_family);
+	if (!af)
+		return -EINVAL;
+
+	err = security_sctp_bind_connect(sk, SCTP_SENDMSG_CONNECT,
+					 (struct sockaddr *)daddr,
+					 af->sockaddr_len);
+	if (err < 0)
+		return err;
+
 	asoc = sctp_association_new(ep, sk, scope, GFP_KERNEL);
 	if (!asoc)
 		return -ENOMEM;
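
Review bot: the two new early exits placed ahead of sctp_association_new() (`return -EINVAL` when sctp_get_af_specific() finds no af, and `return err` when security_sctp_bind_connect() fails) return directly, which is only correct if nothing acquired earlier in sctp_sendmsg_new_asoc() needs unwinding. The visible context shows only `*tp = NULL` and the sctp_scope() lookup before this point, so please confirm that against the lines between the two hunks, or route both exits through the function's error path if it has one. Separately, the length handed to the hook is af->sockaddr_len, derived from daddr->sa.sa_family, not a length supplied by the caller; the comment or changelog should say where daddr was validated to be at least that long, since the LSM hook will read that many bytes through the `(struct sockaddr *)daddr` cast.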

Xin Long (9):
  sctp: factor out sctp_sendmsg_to_asoc from sctp_sendmsg
  sctp: factor out sctp_sendmsg_new_asoc from sctp_sendmsg
  sctp: factor out sctp_sendmsg_check_sflags from sctp_sendmsg
  sctp: factor out sctp_sendmsg_get_daddr from sctp_sendmsg
  sctp: factor out sctp_sendmsg_parse from sctp_sendmsg
  sctp: factor out sctp_sendmsg_update_sinfo from sctp_sendmsg
  sctp: remove the unnecessary transport looking up from sctp_sendmsg
  sctp: improve some variables in sctp_sendmsg
  sctp: adjust some codes in a better order in sctp_sendmsg

 net/sctp/socket.c | 638 +++++++++++++++++++++++-------------------------------
 1 file changed, 274 insertions(+), 364 deletions(-)

-- 
2.1.0
