• Xin Long's avatar
    sctp: delay the authentication for the duplicated cookie-echo chunk · 0e67ad52
    Xin Long authored
    [ Upstream commit 59d8d443 ]
    
    Now sctp only delays the authentication for the normal cookie-echo
    chunk by setting chunk->auth_chunk in sctp_endpoint_bh_rcv(). But
    for the duplicated one with auth, in sctp_assoc_bh_rcv(), it does
    authentication first based on the old asoc, which will definitely
    fail due to the different auth info in the old asoc.
    
    The duplicated cookie-echo chunk will create a new asoc with the
    auth info from this chunk, and the authentication should also be
    done with the new asoc's auth info for all of the collision 'A',
    'B' and 'D'. Otherwise, the duplicated cookie-echo chunk with auth
    will never pass the authentication and create the new connection.
    
    This issue exists since very beginning, and this fix is to make
    sctp_assoc_bh_rcv() follow the way sctp_endpoint_bh_rcv() does
    for the normal cookie-echo chunk to delay the authentication.
    
    While at it, remove the unused params from sctp_sf_authenticate()
    and define sctp_auth_chunk_verify() used for all the places that
    do the delayed authentication.
    
    v1->v2:
      fix the typo in changelog as Marcelo noticed.
    Acked-by: default avatarMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
    Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
    Acked-by: default avatarNeil Horman <nhorman@tuxdriver.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    0e67ad52
associola.c 49 KB