Commit e215dab1 authored by Xin Long's avatar Xin Long Committed by David S. Miller
Browse files

security: call security_sctp_assoc_request in sctp_sf_do_5_1D_ce 



The asoc created when receives the INIT chunk is a temporary one, it
will be deleted after INIT_ACK chunk is replied. So for the real asoc
created in sctp_sf_do_5_1D_ce() when the COOKIE_ECHO chunk is received,
security_sctp_assoc_request() should also be called.

v1->v2:
  - fix some typo and grammar errors, noticed by Ondrej.

Fixes: 72e89f50 ("security: Add support for SCTP security hooks")
Reported-by: default avatarPrashanth Prahlad <pprahlad@redhat.com>
Reviewed-by: default avatarRichard Haines <richard_c_haines@btinternet.com>
Tested-by: default avatarRichard Haines <richard_c_haines@btinternet.com>
Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent c081d53f

Documentation/security/SCTP.rst

+9 −6
Original line number Diff line number Diff line
@@ -151,9 +151,9 @@ establishing an association. 
         INIT --------------------------------------------->

                                                   sctp_sf_do_5_1B_init()

                                                 Respond to an INIT chunk.

                                             SCTP peer endpoint "A" is

                                             asking for an association. Call

                                             security_sctp_assoc_request()

                                             SCTP peer endpoint "A" is asking

                                             for a temporary association.

                                             Call security_sctp_assoc_request()

                                             to set the peer label if first

                                             association.

                                             If not first association, check
@@ -163,9 +163,12 @@ establishing an association. 
          |                                       discard the packet.

          |

    COOKIE ECHO ------------------------------------------>

                                                          |

                                                          |

                                                          |

                                                  sctp_sf_do_5_1D_ce()

                                             Respond to an COOKIE ECHO chunk.

                                             Confirm the cookie and create a

                                             permanent association.

                                             Call security_sctp_assoc_request() to

                                             do the same as for INIT chunk Response.

          <------------------------------------------- COOKIE ACK

          |                                               |

    sctp_sf_do_5_1E_ca                                    |

net/sctp/sm_statefuns.c

+5 −0
Original line number Diff line number Diff line
@@ -781,6 +781,11 @@ enum sctp_disposition sctp_sf_do_5_1D_ce(struct net *net, 
		}

	}



	if (security_sctp_assoc_request(new_asoc, chunk->skb)) {

		sctp_association_free(new_asoc);

		return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands);

	}



	/* Delay state machine commands until later.

	 *

	 * Re-build the bind address for the association is done in