sctp: add vtag check in sctp_sf_ootb (9d02831e) · Commits · Mirrors / git.yoctoproject.org / linux-yocto · GitLab

Commit 9d02831e authored Oct 20, 2021 by

Xin Long Committed by Jakub Kicinski Oct 22, 2021

sctp: add vtag check in sctp_sf_ootb



sctp_sf_ootb() is called when processing DATA chunk in closed state,
and many other places are also using it.

The vtag in the chunk's sctphdr should be verified, otherwise, as
later in chunk length check, it may send abort with the existent
asoc's vtag, which can be exploited by one to cook a malicious
chunk to terminate a SCTP asoc.

When fails to verify the vtag from the chunk, this patch sets asoc
to NULL, so that the abort will be made with the vtag from the
received chunk later.

Fixes: 1da177e4 ("Linux-2.6.12-rc2")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

parent ef16b173

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit a7112b8e
· Nov 06, 2021

mentioned in commit a7112b8e

mentioned in commit a7112b8eeb14b3db21bc96abc79ca7525d77e129

Toggle commit list
mirror @mirror
mentioned in commit 0717c71d
· Nov 06, 2021

mentioned in commit 0717c71d

mentioned in commit 0717c71deae69aa3511492c302dd44a2f3722184

Toggle commit list
mirror @mirror
mentioned in commit 0f5b4c57
· Nov 06, 2021

mentioned in commit 0f5b4c57

mentioned in commit 0f5b4c57dc8573bdb9926b17748065ac2104b1d1

Toggle commit list

Please register or to comment