lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 24 Jan 2019 18:25:32 -0800 (PST)
From:   David Miller <davem@...emloft.net>
To:     lucien.xin@...il.com
Cc:     linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
        linux-sctp@...r.kernel.org, marcelo.leitner@...il.com,
        nhorman@...driver.com
Subject: Re: [PATCH net] sctp: set chunk transport correctly when it's a
 new asoc

From: Xin Long <lucien.xin@...il.com>
Date: Tue, 22 Jan 2019 02:42:09 +0800

> In the paths:
> 
>   sctp_sf_do_unexpected_init() ->
>     sctp_make_init_ack()
>   sctp_sf_do_dupcook_a/b()() ->
>     sctp_sf_do_5_1D_ce()
> 
> The new chunk 'retval' transport is set from the incoming chunk 'chunk'
> transport. However, 'retval' transport belong to the new asoc, which
> is a different one from 'chunk' transport's asoc.
> 
> It will cause that the 'retval' chunk gets set with a wrong transport.
> Later when sending it and because of Commit b9fd683982c9 ("sctp: add
> sctp_packet_singleton"), sctp_packet_singleton() will set some fields,
> like vtag to 'retval' chunk from that wrong transport's asoc.
> 
> This patch is to fix it by setting 'retval' transport correctly which
> belongs to the right asoc in sctp_make_init_ack() and
> sctp_sf_do_5_1D_ce().
> 
> Fixes: b9fd683982c9 ("sctp: add sctp_packet_singleton")
> Reported-by: Ying Xu <yinxu@...hat.com>
> Signed-off-by: Xin Long <lucien.xin@...il.com>

Applied and queued up for -stable.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ