aboutsummaryrefslogtreecommitdiffstats
path: root/net/sctp
diff options
context:
space:
mode:
authorVlad Yasevich <vladislav.yasevich@hp.com>2007-12-20 17:13:31 -0500
committerDavid S. Miller <davem@davemloft.net>2008-01-28 17:59:25 -0500
commitd6701191329b51793bc56724548f0863d2149c29 (patch)
tree2833f850724af85622b844d27f42e285176e2f7f /net/sctp
parent75205f478331cc64ce729ea72d3c8c1837fb59cb (diff)
[SCTP]: Follow Add-IP security consideratiosn wrt INIT/INIT-ACK
The Security Considerations section of RFC 5061 has the following text: If an SCTP endpoint that supports this extension receives an INIT that indicates that the peer supports the ASCONF extension but does NOT support the [RFC4895] extension, the receiver of such an INIT MUST send an ABORT in response. Note that an implementation is allowed to silently discard such an INIT as an option as well, but under NO circumstance is an implementation allowed to proceed with the association setup by sending an INIT-ACK in response. An implementation that receives an INIT-ACK that indicates that the peer does not support the [RFC4895] extension MUST NOT send the COOKIE-ECHO to establish the association. Instead, the implementation MUST discard the INIT-ACK and report to the upper- layer user that an association cannot be established destroying the Transmission Control Block (TCB). Follow the recomendations. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sctp')
-rw-r--r--net/sctp/sm_make_chunk.c47
-rw-r--r--net/sctp/sm_statefuns.c7
2 files changed, 46 insertions, 8 deletions
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
index 46f54188f00a..dd98763c8b00 100644
--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -1836,6 +1836,39 @@ static int sctp_process_hn_param(const struct sctp_association *asoc,
1836 return 0; 1836 return 0;
1837} 1837}
1838 1838
1839static int sctp_verify_ext_param(union sctp_params param)
1840{
1841 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t);
1842 int have_auth = 0;
1843 int have_asconf = 0;
1844 int i;
1845
1846 for (i = 0; i < num_ext; i++) {
1847 switch (param.ext->chunks[i]) {
1848 case SCTP_CID_AUTH:
1849 have_auth = 1;
1850 break;
1851 case SCTP_CID_ASCONF:
1852 case SCTP_CID_ASCONF_ACK:
1853 have_asconf = 1;
1854 break;
1855 }
1856 }
1857
1858 /* ADD-IP Security: The draft requires us to ABORT or ignore the
1859 * INIT/INIT-ACK if ADD-IP is listed, but AUTH is not. Do this
1860 * only if ADD-IP is turned on and we are not backward-compatible
1861 * mode.
1862 */
1863 if (sctp_addip_noauth)
1864 return 1;
1865
1866 if (sctp_addip_enable && !have_auth && have_asconf)
1867 return 0;
1868
1869 return 1;
1870}
1871
1839static void sctp_process_ext_param(struct sctp_association *asoc, 1872static void sctp_process_ext_param(struct sctp_association *asoc,
1840 union sctp_params param) 1873 union sctp_params param)
1841{ 1874{
@@ -1966,7 +1999,11 @@ static sctp_ierror_t sctp_verify_param(const struct sctp_association *asoc,
1966 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 1999 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS:
1967 case SCTP_PARAM_ECN_CAPABLE: 2000 case SCTP_PARAM_ECN_CAPABLE:
1968 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2001 case SCTP_PARAM_ADAPTATION_LAYER_IND:
2002 break;
2003
1969 case SCTP_PARAM_SUPPORTED_EXT: 2004 case SCTP_PARAM_SUPPORTED_EXT:
2005 if (!sctp_verify_ext_param(param))
2006 return SCTP_IERROR_ABORT;
1970 break; 2007 break;
1971 2008
1972 case SCTP_PARAM_SET_PRIMARY: 2009 case SCTP_PARAM_SET_PRIMARY:
@@ -2139,10 +2176,11 @@ int sctp_process_init(struct sctp_association *asoc, sctp_cid_t cid,
2139 !asoc->peer.peer_hmacs)) 2176 !asoc->peer.peer_hmacs))
2140 asoc->peer.auth_capable = 0; 2177 asoc->peer.auth_capable = 0;
2141 2178
2142 2179 /* In a non-backward compatible mode, if the peer claims
2143 /* If the peer claims support for ADD-IP without support 2180 * support for ADD-IP but not AUTH, the ADD-IP spec states
2144 * for AUTH, disable support for ADD-IP. 2181 * that we MUST ABORT the association. Section 6. The section
2145 * Do this only if backward compatible mode is turned off. 2182 * also give us an option to silently ignore the packet, which
2183 * is what we'll do here.
2146 */ 2184 */
2147 if (!sctp_addip_noauth && 2185 if (!sctp_addip_noauth &&
2148 (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) { 2186 (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) {
@@ -2150,6 +2188,7 @@ int sctp_process_init(struct sctp_association *asoc, sctp_cid_t cid,
2150 SCTP_PARAM_DEL_IP | 2188 SCTP_PARAM_DEL_IP |
2151 SCTP_PARAM_SET_PRIMARY); 2189 SCTP_PARAM_SET_PRIMARY);
2152 asoc->peer.asconf_capable = 0; 2190 asoc->peer.asconf_capable = 0;
2191 goto clean_up;
2153 } 2192 }
2154 2193
2155 /* Walk list of transports, removing transports in the UNKNOWN state. */ 2194 /* Walk list of transports, removing transports in the UNKNOWN state. */
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index 0c9f37eb7d8d..511d8c9a171a 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -507,7 +507,9 @@ sctp_disposition_t sctp_sf_do_5_1C_ack(const struct sctp_endpoint *ep,
507 &err_chunk)) { 507 &err_chunk)) {
508 508
509 /* This chunk contains fatal error. It is to be discarded. 509 /* This chunk contains fatal error. It is to be discarded.
510 * Send an ABORT, with causes if there is any. 510 * Send an ABORT, with causes. If there are no causes,
511 * then there wasn't enough memory. Just terminate
512 * the association.
511 */ 513 */
512 if (err_chunk) { 514 if (err_chunk) {
513 packet = sctp_abort_pkt_new(ep, asoc, arg, 515 packet = sctp_abort_pkt_new(ep, asoc, arg,
@@ -526,9 +528,6 @@ sctp_disposition_t sctp_sf_do_5_1C_ack(const struct sctp_endpoint *ep,
526 } else { 528 } else {
527 error = SCTP_ERROR_NO_RESOURCE; 529 error = SCTP_ERROR_NO_RESOURCE;
528 } 530 }
529 } else {
530 sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands);
531 error = SCTP_ERROR_INV_PARAM;
532 } 531 }
533 532
534 /* SCTP-AUTH, Section 6.3: 533 /* SCTP-AUTH, Section 6.3: