[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YlCBEU6r8Oe8h3CK@t14s.localdomain>
Date: Fri, 8 Apr 2022 15:38:09 -0300
From: Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
To: Xin Long <lucien.xin@...il.com>
Cc: network dev <netdev@...r.kernel.org>, linux-sctp@...r.kernel.org,
davem@...emloft.net, kuba@...nel.org,
Neil Horman <nhorman@...driver.com>, omosnace@...hat.com
Subject: Re: [PATCHv2 net] sctp: use the correct skb for
security_sctp_assoc_request
On Thu, Apr 07, 2022 at 09:24:22AM -0400, Xin Long wrote:
> Yi Chen reported an unexpected sctp connection abort, and it occurred when
> COOKIE_ECHO is bundled with DATA Fragment by SCTP HW GSO. As the IP header
> is included in chunk->head_skb instead of chunk->skb, it failed to check
> IP header version in security_sctp_assoc_request().
>
> According to Ondrej, SELinux only looks at IP header (address and IPsec
> options) and XFRM state data, and these are all included in head_skb for
> SCTP HW GSO packets. So fix it by using head_skb when calling
> security_sctp_assoc_request() in processing COOKIE_ECHO.
>
> v1->v2:
> - As Ondrej noticed, chunk->head_skb should also be used for
> security_sctp_assoc_established() in sctp_sf_do_5_1E_ca().
>
> Fixes: e215dab1c490 ("security: call security_sctp_assoc_request in sctp_sf_do_5_1D_ce")
> Reported-by: Yi Chen <yiche@...hat.com>
> Signed-off-by: Xin Long <lucien.xin@...il.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
Powered by blists - more mailing lists