Message-ID: <ZRv2BhAVBcR36Ilm@kernel.org>
Date: Tue, 3 Oct 2023 13:07:50 +0200
From: Simon Horman <horms@...nel.org>
To: Xin Long <lucien.xin@...il.com>
Cc: network dev <netdev@...r.kernel.org>, linux-sctp@...r.kernel.org,
	davem@...emloft.net, kuba@...nel.org,
	Eric Dumazet <edumazet@...gle.com>, Paolo Abeni <pabeni@...hat.com>,
	Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
Subject: Re: [PATCH net] sctp: update transport state when processing a dupcook packet

On Sun, Oct 01, 2023 at 10:58:45AM -0400, Xin Long wrote:
> During the 4-way handshake, the transport's state is set to ACTIVE in
> sctp_process_init() when processing INIT_ACK chunk on client or
> COOKIE_ECHO chunk on server.
> 
> In the collision scenario below:
> 
>   192.168.1.2 > 192.168.1.1: sctp (1) [INIT] [init tag: 3922216408]
>     192.168.1.1 > 192.168.1.2: sctp (1) [INIT] [init tag: 144230885]
>     192.168.1.2 > 192.168.1.1: sctp (1) [INIT ACK] [init tag: 3922216408]
>     192.168.1.1 > 192.168.1.2: sctp (1) [COOKIE ECHO]
>     192.168.1.2 > 192.168.1.1: sctp (1) [COOKIE ACK]
>   192.168.1.1 > 192.168.1.2: sctp (1) [INIT ACK] [init tag: 3914796021]
> 
> when processing COOKIE_ECHO on 192.168.1.2, as it's in COOKIE_WAIT state,
> sctp_sf_do_dupcook_b() is called by sctp_sf_do_5_2_4_dupcook() where it
> creates a new association and sets its transport to ACTIVE then updates
> to the old association in sctp_assoc_update().
> 
> However, in sctp_assoc_update(), it will skip the transport update if it
> finds a transport with the same ipaddr already existing in the old asoc,
> and this causes the old asoc's transport state not to move to ACTIVE
> after the handshake.
> 
> This means if DATA retransmission happens at this moment, it won't be able
> to enter PF state because of the check 'transport->state == SCTP_ACTIVE'
> in sctp_do_8_2_transport_strike().
> 
> This patch fixes it by updating the transport in sctp_assoc_update() with
> sctp_assoc_add_peer(), which updates the transport state if a transport
> with the same ipaddr already exists in the old asoc.

Hi Xin Long,

I wonder if this warrants a fixes tag, and if so, perhaps:

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")


> Signed-off-by: Xin Long <lucien.xin@...il.com>

Reviewed-by: Simon Horman <horms@...nel.org>
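The collision described in the quoted commit message, as an added example that is not part of this thread or of the kernel's own code: a minimal C model of the transport merge in sctp_assoc_update() and of the ACTIVE check in the strike path, run once with the old behaviour and once with the fix. The struct layout, helper names and the assumed initial peer state (SCTP_UNKNOWN on the COOKIE_WAIT side) are simplified stand-ins, not the kernel's definitions.

```c
/* Added example (not kernel code): model of the dupcook transport merge.
 * State names mirror the kernel enum; everything else is a stand-in. */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

enum tstate { SCTP_UNKNOWN, SCTP_ACTIVE, SCTP_PF, SCTP_INACTIVE };

struct transport { const char *ipaddr; enum tstate state; };
struct assoc { struct transport peers[4]; int npeers; };

/* Find a peer transport by address (stand-in for the kernel lookup). */
static struct transport *lookup_paddr(struct assoc *a, const char *ip)
{
    for (int i = 0; i < a->npeers; i++)
        if (strcmp(a->peers[i].ipaddr, ip) == 0)
            return &a->peers[i];
    return NULL;
}

/* Merge the assoc created for the duplicate COOKIE into the old one.
 * fix == false: an already-known ipaddr is skipped, so its state stays
 * stale (the bug).  fix == true: the state is refreshed from the new
 * assoc, as the patch does via sctp_assoc_add_peer(). */
static void assoc_update(struct assoc *old, const struct assoc *nasoc, bool fix)
{
    for (int i = 0; i < nasoc->npeers; i++) {
        struct transport *t = lookup_paddr(old, nasoc->peers[i].ipaddr);
        if (!t)
            old->peers[old->npeers++] = nasoc->peers[i];
        else if (fix)
            t->state = nasoc->peers[i].state;
    }
}

/* Strike path: a retransmission timeout only moves an ACTIVE transport
 * into PF; any other state is left untouched. */
static enum tstate transport_strike(struct transport *t)
{
    if (t->state == SCTP_ACTIVE)
        t->state = SCTP_PF;
    return t->state;
}

/* Replay: 192.168.1.2 is in COOKIE_WAIT with the peer still UNKNOWN
 * (assumed initial state) when the colliding COOKIE_ECHO arrives. */
enum tstate state_after_strike(bool fix)
{
    struct assoc old = { { { "192.168.1.1", SCTP_UNKNOWN } }, 1 };
    struct assoc nasoc = { { { "192.168.1.1", SCTP_ACTIVE } }, 1 };
    assoc_update(&old, &nasoc, fix);
    return transport_strike(lookup_paddr(&old, "192.168.1.1"));
}
```

With the old merge the transport never becomes ACTIVE, so a DATA retransmission cannot move it to PF; with the fix it does.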
