diff options
author | Wei Yongjun <yjwei@cn.fujitsu.com> | 2008-04-12 21:39:19 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-04-12 21:39:19 -0400 |
commit | 72da7b3860cabf427590b4982bc880bafab4d5c8 (patch) | |
tree | 7a5084f9eac6c5556d792d0503158860b046201f | |
parent | e56cfad132f2ae269082359d279c17230c987e74 (diff) |
[SCTP]: Add check for hmac_algo parameter in sctp_verify_param()
RFC 4890 has the following text:
The HMAC algorithm based on SHA-1 MUST be supported and
included in the HMAC-ALGO parameter.
As a result, we need to check in sctp_verify_param() that HMAC_SHA1 is
present in the list. If not, we should probably treat this as a
protocol violation.
It should also be a protocol violation if the HMAC parameter is empty.
Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/sctp/sm_make_chunk.c | 29 |
1 files changed, 26 insertions, 3 deletions
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c index 578630e8e00d..36ebb392472e 100644 --- a/net/sctp/sm_make_chunk.c +++ b/net/sctp/sm_make_chunk.c | |||
@@ -1982,7 +1982,10 @@ static sctp_ierror_t sctp_verify_param(const struct sctp_association *asoc, | |||
1982 | struct sctp_chunk *chunk, | 1982 | struct sctp_chunk *chunk, |
1983 | struct sctp_chunk **err_chunk) | 1983 | struct sctp_chunk **err_chunk) |
1984 | { | 1984 | { |
1985 | struct sctp_hmac_algo_param *hmacs; | ||
1985 | int retval = SCTP_IERROR_NO_ERROR; | 1986 | int retval = SCTP_IERROR_NO_ERROR; |
1987 | __u16 n_elt, id = 0; | ||
1988 | int i; | ||
1986 | 1989 | ||
1987 | /* FIXME - This routine is not looking at each parameter per the | 1990 | /* FIXME - This routine is not looking at each parameter per the |
1988 | * chunk type, i.e., unrecognized parameters should be further | 1991 | * chunk type, i.e., unrecognized parameters should be further |
@@ -2056,9 +2059,29 @@ static sctp_ierror_t sctp_verify_param(const struct sctp_association *asoc, | |||
2056 | break; | 2059 | break; |
2057 | 2060 | ||
2058 | case SCTP_PARAM_HMAC_ALGO: | 2061 | case SCTP_PARAM_HMAC_ALGO: |
2059 | if (sctp_auth_enable) | 2062 | if (!sctp_auth_enable) |
2060 | break; | 2063 | goto fallthrough; |
2061 | /* Fall Through */ | 2064 | |
2065 | hmacs = (struct sctp_hmac_algo_param *)param.p; | ||
2066 | n_elt = (ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) >> 1; | ||
2067 | |||
2068 | /* SCTP-AUTH: Section 6.1 | ||
2069 | * The HMAC algorithm based on SHA-1 MUST be supported and | ||
2070 | * included in the HMAC-ALGO parameter. | ||
2071 | */ | ||
2072 | for (i = 0; i < n_elt; i++) { | ||
2073 | id = ntohs(hmacs->hmac_ids[i]); | ||
2074 | |||
2075 | if (id == SCTP_AUTH_HMAC_ID_SHA1) | ||
2076 | break; | ||
2077 | } | ||
2078 | |||
2079 | if (id != SCTP_AUTH_HMAC_ID_SHA1) { | ||
2080 | sctp_process_inv_paramlength(asoc, param.p, chunk, | ||
2081 | err_chunk); | ||
2082 | retval = SCTP_IERROR_ABORT; | ||
2083 | } | ||
2084 | break; | ||
2062 | fallthrough: | 2085 | fallthrough: |
2063 | default: | 2086 | default: |
2064 | SCTP_DEBUG_PRINTK("Unrecognized param: %d for chunk %d.\n", | 2087 | SCTP_DEBUG_PRINTK("Unrecognized param: %d for chunk %d.\n", |