| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180502120434.GG4977@localhost.localdomain>
Date: Wed, 2 May 2018 09:04:34 -0300
From: Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
To: Xin Long <lucien.xin@...il.com>
Cc: network dev <netdev@...r.kernel.org>, linux-sctp@...r.kernel.org,
davem@...emloft.net, Neil Horman <nhorman@...driver.com>
Subject: Re: [PATCH net] sctp: use the old asoc when making the cookie-ack
chunk in dupcook_d
On Wed, May 02, 2018 at 01:39:46PM +0800, Xin Long wrote:
> When processing a duplicate cookie-echo chunk, for case 'D', sctp will
> not process the param from this chunk. It means old asoc has nothing
> to be updated, and the new temp asoc doesn't have the complete info.
>
> So there's no reason to use the new asoc when creating the cookie-ack
> chunk. Otherwise, like when auth is enabled for cookie-ack, the chunk
> can not be set with auth, and it will definitely be dropped by peer.
>
> This issue is there since very beginning, and we fix it by using the
> old asoc instead.
>
> Signed-off-by: Xin Long <lucien.xin@...il.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
> ---
> net/sctp/sm_statefuns.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
> index 98acfed..28c070e 100644
> --- a/net/sctp/sm_statefuns.c
> +++ b/net/sctp/sm_statefuns.c
> @@ -2056,7 +2056,7 @@ static enum sctp_disposition sctp_sf_do_dupcook_d(
> }
> }
>
> - repl = sctp_make_cookie_ack(new_asoc, chunk);
> + repl = sctp_make_cookie_ack(asoc, chunk);
> if (!repl)
> goto nomem;
>
> --
> 2.1.0
>
Powered by blists - more mailing lists