| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190124.182532.1983690003554983866.davem@davemloft.net>
Date: Thu, 24 Jan 2019 18:25:32 -0800 (PST)
From: David Miller <davem@...emloft.net>
To: lucien.xin@...il.com
Cc: linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
linux-sctp@...r.kernel.org, marcelo.leitner@...il.com,
nhorman@...driver.com
Subject: Re: [PATCH net] sctp: set chunk transport correctly when it's a
new asoc
From: Xin Long <lucien.xin@...il.com>
Date: Tue, 22 Jan 2019 02:42:09 +0800
> In the paths:
>
> sctp_sf_do_unexpected_init() ->
> sctp_make_init_ack()
> sctp_sf_do_dupcook_a/b()() ->
> sctp_sf_do_5_1D_ce()
>
> The new chunk 'retval' transport is set from the incoming chunk 'chunk'
> transport. However, 'retval' transport belong to the new asoc, which
> is a different one from 'chunk' transport's asoc.
>
> It will cause that the 'retval' chunk gets set with a wrong transport.
> Later when sending it and because of Commit b9fd683982c9 ("sctp: add
> sctp_packet_singleton"), sctp_packet_singleton() will set some fields,
> like vtag to 'retval' chunk from that wrong transport's asoc.
>
> This patch is to fix it by setting 'retval' transport correctly which
> belongs to the right asoc in sctp_make_init_ack() and
> sctp_sf_do_5_1D_ce().
>
> Fixes: b9fd683982c9 ("sctp: add sctp_packet_singleton")
> Reported-by: Ying Xu <yinxu@...hat.com>
> Signed-off-by: Xin Long <lucien.xin@...il.com>
Applied and queued up for -stable.
Powered by blists - more mailing lists