asedeno.scripts.mit.edu Git - linux.git/commit

author	Xin Long <lucien.xin@gmail.com>
	Sat, 5 May 2018 06:59:47 +0000 (14:59 +0800)
committer	David S. Miller <davem@davemloft.net>
	Tue, 8 May 2018 03:39:10 +0000 (23:39 -0400)
commit	59d8d4434f429b4fa8a346fd889058bda427a837
tree	5419ee91c2f1aadbde47c63dc3a95ee1aaeed485	tree \| snapshot
parent	a86b74d363708d0b04305f356fd3429c7b560a64	commit \| diff

sctp: delay the authentication for the duplicated cookie-echo chunk

Now sctp only delays the authentication for the normal cookie-echo
chunk by setting chunk->auth_chunk in sctp_endpoint_bh_rcv(). But
for the duplicated one with auth, in sctp_assoc_bh_rcv(), it does
authentication first based on the old asoc, which will definitely
fail due to the different auth info in the old asoc.

The duplicated cookie-echo chunk will create a new asoc with the
auth info from this chunk, and the authentication should also be
done with the new asoc's auth info for all of the collision 'A',
'B' and 'D'. Otherwise, the duplicated cookie-echo chunk with auth
will never pass the authentication and create the new connection.

This issue exists since very beginning, and this fix is to make
sctp_assoc_bh_rcv() follow the way sctp_endpoint_bh_rcv() does
for the normal cookie-echo chunk to delay the authentication.

While at it, remove the unused params from sctp_sf_authenticate()
and define sctp_auth_chunk_verify() used for all the places that
do the delayed authentication.

v1->v2:
fix the typo in changelog as Marcelo noticed.

Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

net/sctp/associola.c		diff \| blob \| history
net/sctp/sm_statefuns.c		diff \| blob \| history