| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20181115172221.GA3601@localhost.localdomain>
Date: Thu, 15 Nov 2018 15:22:21 -0200
From: Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
To: Xin Long <lucien.xin@...il.com>
Cc: network dev <netdev@...r.kernel.org>, linux-sctp@...r.kernel.org,
davem@...emloft.net, Neil Horman <nhorman@...driver.com>
Subject: Re: [PATCH net] sctp: not allow to set asoc prsctp_enable by sockopt
On Thu, Nov 15, 2018 at 07:14:28PM +0800, Xin Long wrote:
> As rfc7496#section4.5 says about SCTP_PR_SUPPORTED:
>
> This socket option allows the enabling or disabling of the
> negotiation of PR-SCTP support for future associations. For existing
> associations, it allows one to query whether or not PR-SCTP support
> was negotiated on a particular association.
>
> It means only sctp sock's prsctp_enable can be set.
>
> Note that for the limitation of SCTP_{CURRENT|ALL}_ASSOC, we will
> add it when introducing SCTP_{FUTURE|CURRENT|ALL}_ASSOC for linux
> sctp in another patchset.
>
> Fixes: 28aa4c26fce2 ("sctp: add SCTP_PR_SUPPORTED on sctp sockopt")
> Reported-by: Ying Xu <yinxu@...hat.com>
> Signed-off-by: Xin Long <lucien.xin@...il.com>
> ---
> net/sctp/socket.c | 13 +++----------
> 1 file changed, 3 insertions(+), 10 deletions(-)
>
> diff --git a/net/sctp/socket.c b/net/sctp/socket.c
> index 739f3e5..e9b8232 100644
> --- a/net/sctp/socket.c
> +++ b/net/sctp/socket.c
> @@ -3940,7 +3940,6 @@ static int sctp_setsockopt_pr_supported(struct sock *sk,
> unsigned int optlen)
> {
> struct sctp_assoc_value params;
> - struct sctp_association *asoc;
> int retval = -EINVAL;
>
> if (optlen != sizeof(params))
> @@ -3951,16 +3950,10 @@ static int sctp_setsockopt_pr_supported(struct sock *sk,
> goto out;
> }
>
> - asoc = sctp_id2assoc(sk, params.assoc_id);
> - if (asoc) {
> - asoc->prsctp_enable = !!params.assoc_value;
> - } else if (!params.assoc_id) {
> - struct sctp_sock *sp = sctp_sk(sk);
> -
> - sp->ep->prsctp_enable = !!params.assoc_value;
> - } else {
> + if (sctp_style(sk, UDP) && sctp_id2assoc(sk, params.assoc_id))
This would allow using a non-existent assoc id on UDP-style sockets to
set it at the socket, which is not expected. It should be more like:
+ if (sctp_style(sk, UDP) && params.assoc_id)
> goto out;
> - }
> +
> + sctp_sk(sk)->ep->prsctp_enable = !!params.assoc_value;
>
> retval = 0;
>
> --
> 2.1.0
>
Powered by blists - more mailing lists