sctp: add vtag check in sctp_sf_do_8_5_1_E_sa (ef16b173) · Commits · Mirrors / git.yoctoproject.org / linux-yocto · GitLab

Commit ef16b173 authored Oct 20, 2021 by

Xin Long Committed by Jakub Kicinski Oct 22, 2021

sctp: add vtag check in sctp_sf_do_8_5_1_E_sa



sctp_sf_do_8_5_1_E_sa() is called when processing SHUTDOWN_ACK chunk
in cookie_wait and cookie_echoed state.

The vtag in the chunk's sctphdr should be verified, otherwise, as
later in chunk length check, it may send abort with the existent
asoc's vtag, which can be exploited by one to cook a malicious
chunk to terminate a SCTP asoc.

Note that when fails to verify the vtag from SHUTDOWN-ACK chunk,
SHUTDOWN COMPLETE message will still be sent back to peer, but
with the vtag from SHUTDOWN-ACK chunk, as said in 5) of
rfc4960#section-8.4.

While at it, also remove the unnecessary chunk length check from
sctp_sf_shut_8_4_5(), as it's already done in both places where
it calls sctp_sf_shut_8_4_5().

Fixes: 1da177e4 ("Linux-2.6.12-rc2")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

parent aa0f697e

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit c2442f72
· Nov 06, 2021

mentioned in commit c2442f72

mentioned in commit c2442f721972ea7c317fbfd55c902616b3151ad5

Toggle commit list
mirror @mirror
mentioned in commit 1c255b5f
· Nov 06, 2021

mentioned in commit 1c255b5f

mentioned in commit 1c255b5f68f4dac3f1f0f24741575aac2325470a

Toggle commit list
mirror @mirror
mentioned in commit df527764
· Nov 06, 2021

mentioned in commit df527764

mentioned in commit df527764072c5fb7ede93a41cc8f3acbf41dde8c

Toggle commit list

Please register or to comment