| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGCdqXFYFBwu=H18L_GxBHtOQEKQrhie6hM7iwceaHfGBcd-OQ@mail.gmail.com>
Date: Wed, 25 Jan 2017 10:57:13 -0500
From: Vladislav Yasevich <vyasevich@...il.com>
To: Xin Long <lucien.xin@...il.com>
Cc: network dev <netdev@...r.kernel.org>,
"linux-sctp@...r.kernel.org" <linux-sctp@...r.kernel.org>,
David Miller <davem@...emloft.net>,
Marcelo Ricardo Leitner <marcelo.leitner@...il.com>,
Neil Horman <nhorman@...driver.com>
Subject: Re: [PATCH net] sctp: sctp_addr_id2transport should verify the addr
before looking up assoc
On Wed, Jan 25, 2017 at 10:34 AM, Xin Long <lucien.xin@...il.com> wrote:
>
> On Wed, Jan 25, 2017 at 11:27 PM, Vladislav Yasevich
> <vyasevich@...il.com> wrote:
> > On Tue, Jan 24, 2017 at 1:01 AM, Xin Long <lucien.xin@...il.com> wrote:
> >>
> >> sctp_addr_id2transport is a function for sockopt to look up assoc by
> >> address. As the address is from userspace, it can be a v4-mapped v6
> >> address. But in sctp protocol stack, it always handles a v4-mapped
> >> v6 address as a v4 address. So it's necessary to convert it to a v4
> >> address before looking up assoc by address.
> >>
> >> This patch is to fix it by calling sctp_verify_addr in which it can do
> >> this conversion before calling sctp_endpoint_lookup_assoc, just like
> >> what sctp_sendmsg and __sctp_connect do for the address from users.
> >>
> >> Signed-off-by: Xin Long <lucien.xin@...il.com>
> >> ---
> >> net/sctp/socket.c | 6 +++++-
> >> 1 file changed, 5 insertions(+), 1 deletion(-)
> >>
> >> diff --git a/net/sctp/socket.c b/net/sctp/socket.c
> >> index 318c678..37eeab7 100644
> >> --- a/net/sctp/socket.c
> >> +++ b/net/sctp/socket.c
> >> @@ -235,8 +235,12 @@ static struct sctp_transport
> >> *sctp_addr_id2transport(struct sock *sk,
> >> sctp_assoc_t id)
> >> {
> >> struct sctp_association *addr_asoc = NULL, *id_asoc = NULL;
> >> - struct sctp_transport *transport;
> >> + struct sctp_af *af = sctp_get_af_specific(addr->ss_family);
> >> union sctp_addr *laddr = (union sctp_addr *)addr;
> >> + struct sctp_transport *transport;
> >> +
> >> + if (sctp_verify_addr(sk, laddr, af->sockaddr_len))
> >> + return NULL;
> >>
> >
> > This causes a side-effect such that GET options will end up with ipv4
> > address instead
> > of a v4mapped address that was passed in.
> not really
>
> (more below)
> >
> > -vlad
> >
> >>
> >> addr_asoc = sctp_endpoint_lookup_assoc(sctp_sk(sk)->ep,
> >> laddr,
> sctp_get_pf_specific(sk->sk_family)->addr_to_user(sctp_sk(sk),
> (union sctp_addr *)addr);
>
> here it will convert it back to v4mapped v6 address.
>
Yep, you are right. Missed the fact that it was already there.
ACK
-vlad
> >> --
> >> 2.1.0
> >>
> >> --
> >> To unsubscribe from this list: send the line "unsubscribe linux-sctp" in
> >> the body of a message to majordomo@...r.kernel.org
> >> More majordomo info at http://vger.kernel.org/majordomo-info.html
> >
> >
Powered by blists - more mailing lists