asgardius/android_kernel_motorola_sm6225
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_motorola_sm6225/net/sctp
History
Wei Yongjun 7cc08b55fc [SCTP]: Fix kernel panic while received AUTH chunk with BAD shared key identifier 
If SCTP-AUTH is enabled, received AUTH chunk with BAD shared key 
identifier will cause kernel panic.

Test as following:
step1: enabled /proc/sys/net/sctp/auth_enable
step 2:  connect  to SCTP server with auth capable. Association is 
established between endpoints. Then send a AUTH chunk with a bad 
shareid, SCTP server will kernel panic after received that AUTH chunk.

SCTP client                   SCTP server
  INIT         ---------->  
    (with auth capable)
               <----------    INIT-ACK
                              (with auth capable)
  COOKIE-ECHO  ---------->
               <----------    COOKIE-ACK
  AUTH         ---------->


AUTH chunk is like this:
  AUTH chunk
    Chunk type: AUTH (15)
    Chunk flags: 0x00
    Chunk length: 28
    Shared key identifier: 10
    HMAC identifier: SHA-1 (1)
    HMAC: 0000000000000000000000000000000000000000

The assignment of NULL to key can safely be removed, since key_for_each 
(which is just list_for_each_entry under the covers does an initial 
assignment to key anyway).

If the endpoint_shared_keys list is empty, or if the key_id being 
requested does not exist, the function as it currently stands returns 
the actuall list_head (in this case endpoint_shared_keys.  Since that 
list_head isn't surrounded by an actuall data structure, the last 
iteration through list_for_each_entry will do a container_of on key, and 
we wind up returning a bogus pointer, instead of NULL, as we should.

> Neil Horman wrote:
>> On Tue, Jan 22, 2008 at 05:29:20PM +0900, Wei Yongjun wrote:
>>
>> FWIW, Ack from me.  The assignment of NULL to key can safely be 
>> removed, since
>> key_for_each (which is just list_for_each_entry under the covers does 
>> an initial
>> assignment to key anyway).
>> If the endpoint_shared_keys list is empty, or if the key_id being 
>> requested does
>> not exist, the function as it currently stands returns the actuall 
>> list_head (in
>> this case endpoint_shared_keys.  Since that list_head isn't 
>> surrounded by an
>> actuall data structure, the last iteration through 
>> list_for_each_entry will do a
>> container_of on key, and we wind up returning a bogus pointer, 
>> instead of NULL,
>> as we should.  Wei's patch corrects that.
>>
>> Regards
>> Neil
>>
>> Acked-by: Neil Horman <nhorman@tuxdriver.com>
>>
>
> Yep, the patch is correct.
>
> Acked-by: Vlad Yasevich <vladislav.yasevich@hp.com>
>
> -vlad
>

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Acked-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-02-05 03:03:06 -08:00
..
associola.c [SCTP]: Update ASCONF processing to conform to spec. 2008-01-28 14:59:23 -08:00
auth.c [SCTP]: Fix kernel panic while received AUTH chunk with BAD shared key identifier 2008-02-05 03:03:06 -08:00
bind_addr.c [SCTP]: Implement ADD-IP special case processing for ABORT chunk 2008-01-28 14:59:24 -08:00
chunk.c [SCTP]: Enable the sending of the AUTH chunk. 2007-10-10 16:51:31 -07:00
command.c
debug.c [NET]: Fix comparisons of unsigned < 0. 2007-06-03 18:08:47 -07:00
endpointola.c SCTP: Convert custom hash lists to use hlist. 2007-11-09 11:43:40 -05:00
input.c [SCTP]: Update association lookup to look at ASCONF chunks as well 2008-01-28 14:59:22 -08:00
inqueue.c SCTP: Fix a potential race between timers and receive path. 2007-11-07 11:39:27 -05:00
ipv6.c [NETNS][IPV6]: inet6_addr - check ipv6 address per namespace 2008-01-28 15:01:44 -08:00
Kconfig [SCTP]: Use crc32c library for checksum calculations. 2008-01-28 14:58:20 -08:00
Makefile [SCTP]: Use crc32c library for checksum calculations. 2008-01-28 14:58:20 -08:00
objcnt.c [SCTP]: Implement SCTP-AUTH internals 2007-10-10 16:51:29 -07:00
output.c [SCTP]: Use crc32c library for checksum calculations. 2008-01-28 14:58:20 -08:00
outqueue.c [SCTP]: Update ASCONF processing to conform to spec. 2008-01-28 14:59:23 -08:00
primitive.c [NET] SCTP: Fix whitespace errors. 2007-02-10 23:20:11 -08:00
proc.c SCTP: Convert custom hash lists to use hlist. 2007-11-09 11:43:40 -05:00
protocol.c [NETNS]: Add namespace parameter to ip_route_output_key. 2008-01-28 15:11:07 -08:00
sm_make_chunk.c [SCTP]: Fix miss of report unrecognized HMAC Algorithm parameter 2008-01-31 19:27:09 -08:00
sm_sideeffect.c SCTP: Fix difference cases of retransmit. 2007-11-07 11:39:27 -05:00
sm_statefuns.c [SCTP]: Fix kernel panic while received AUTH chunk while enabled auth 2008-02-05 03:02:26 -08:00
sm_statetable.c [SCTP]: ADD-IP updates the states where ASCONFs can be sent 2008-01-28 14:59:22 -08:00
socket.c [NET] CORE: Introducing new memory accounting interface. 2008-01-28 15:00:18 -08:00
ssnmap.c
sysctl.c [NET]: Simple ctl_table to ctl_path conversions. 2008-01-28 15:01:07 -08:00
transport.c [NET]: Convert init_timer into setup_timer 2008-01-28 14:53:35 -08:00
tsnmap.c sctp: fix shadow symbol in net/sctp/tsnmap.c 2007-08-01 11:19:06 -04:00
ulpevent.c [NET] CORE: Introducing new memory accounting interface. 2008-01-28 15:00:18 -08:00
ulpqueue.c [NET] CORE: Introducing new memory accounting interface. 2008-01-28 15:00:18 -08:00