[SCTP]: Add check for hmac_algo parameter in sctp_verify_param()

RFC 4890 has the following text: The HMAC algorithm based on SHA-1 MUST be supported and included in the HMAC-ALGO parameter. As a result, we need to check in sctp_verify_param() that HMAC_SHA1 is present in the list. If not, we should probably treat this as a protocol violation. It should also be a protocol violation if the HMAC parameter is empty. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Wei Yongjun <yjwei@cn.fujitsu.com> 2008-04-12 21:39:19 -0400
committer: David S. Miller <davem@davemloft.net> 2008-04-12 21:39:19 -0400
commit: 72da7b3860cabf427590b4982bc880bafab4d5c8 (patch)
tree: 7a5084f9eac6c5556d792d0503158860b046201f /net/sctp
parent: e56cfad132f2ae269082359d279c17230c987e74 (diff)
1 files changed, 26 insertions, 3 deletions
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
index 578630e8e00d..36ebb392472e 100644
--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -1982,7 +1982,10 @@ static sctp_ierror_t sctp_verify_param(const struct sctp_association *asoc,
                                        struct sctp_chunk *chunk,
                                        struct sctp_chunk **err_chunk)
 {
+        struct sctp_hmac_algo_param *hmacs;
        int retval = SCTP_IERROR_NO_ERROR;
+        __u16 n_elt, id = 0;
+        int i;
        /* FIXME - This routine is not looking at each parameter per the
         * chunk type, i.e., unrecognized parameters should be further
@@ -2056,9 +2059,29 @@ static sctp_ierror_t sctp_verify_param(const struct sctp_association *asoc,
                break;
        case SCTP_PARAM_HMAC_ALGO:
-                if (sctp_auth_enable)
+                if (!sctp_auth_enable)
-                        break;
+                        goto fallthrough;
-                /* Fall Through */
+                hmacs = (struct sctp_hmac_algo_param *)param.p;
+                n_elt = (ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) >> 1;
+                /* SCTP-AUTH: Section 6.1
+                 * The HMAC algorithm based on SHA-1 MUST be supported and
+                 * included in the HMAC-ALGO parameter.
+                 */
+                for (i = 0; i < n_elt; i++) {
+                        id = ntohs(hmacs->hmac_ids[i]);
+                        if (id == SCTP_AUTH_HMAC_ID_SHA1)
+                                break;
+                }
+                if (id != SCTP_AUTH_HMAC_ID_SHA1) {
+                        sctp_process_inv_paramlength(asoc, param.p, chunk,
+                                                     err_chunk);
+                        retval = SCTP_IERROR_ABORT;
+                }
+                break;
 fallthrough:
        default:
                SCTP_DEBUG_PRINTK("Unrecognized param: %d for chunk %d.\n",
author	Wei Yongjun <yjwei@cn.fujitsu.com>	2008-04-12 21:39:19 -0400
committer	David S. Miller <davem@davemloft.net>	2008-04-12 21:39:19 -0400
commit	72da7b3860cabf427590b4982bc880bafab4d5c8 (patch)
tree	7a5084f9eac6c5556d792d0503158860b046201f /net/sctp
parent	e56cfad132f2ae269082359d279c17230c987e74 (diff)

diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c index 578630e8e00d..36ebb392472e 100644 --- a/net/sctp/sm_make_chunk.c +++ b/net/sctp/sm_make_chunk.c
@@ -1982,7 +1982,10 @@ static sctp_ierror_t sctp_verify_param(const struct sctp_association *asoc,
1982	struct sctp_chunk *chunk,	1982	struct sctp_chunk *chunk,
1983	struct sctp_chunk **err_chunk)	1983	struct sctp_chunk **err_chunk)
1984	{	1984	{
		1985	struct sctp_hmac_algo_param *hmacs;
1985	int retval = SCTP_IERROR_NO_ERROR;	1986	int retval = SCTP_IERROR_NO_ERROR;
		1987	__u16 n_elt, id = 0;
		1988	int i;
1986		1989
1987	/* FIXME - This routine is not looking at each parameter per the	1990	/* FIXME - This routine is not looking at each parameter per the
1988	* chunk type, i.e., unrecognized parameters should be further	1991	* chunk type, i.e., unrecognized parameters should be further
@@ -2056,9 +2059,29 @@ static sctp_ierror_t sctp_verify_param(const struct sctp_association *asoc,
2056	break;	2059	break;
2057		2060
2058	case SCTP_PARAM_HMAC_ALGO:	2061	case SCTP_PARAM_HMAC_ALGO:
2059	if (sctp_auth_enable)	2062	if (!sctp_auth_enable)
2060	break;	2063	goto fallthrough;
2061	/* Fall Through */	2064
		2065	hmacs = (struct sctp_hmac_algo_param *)param.p;
		2066	n_elt = (ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) >> 1;
		2067
		2068	/* SCTP-AUTH: Section 6.1
		2069	* The HMAC algorithm based on SHA-1 MUST be supported and
		2070	* included in the HMAC-ALGO parameter.
		2071	*/
		2072	for (i = 0; i < n_elt; i++) {
		2073	id = ntohs(hmacs->hmac_ids[i]);
		2074
		2075	if (id == SCTP_AUTH_HMAC_ID_SHA1)
		2076	break;
		2077	}
		2078
		2079	if (id != SCTP_AUTH_HMAC_ID_SHA1) {
		2080	sctp_process_inv_paramlength(asoc, param.p, chunk,
		2081	err_chunk);
		2082	retval = SCTP_IERROR_ABORT;
		2083	}
		2084	break;
2062	fallthrough:	2085	fallthrough:
2063	default:	2086	default:
2064	SCTP_DEBUG_PRINTK("Unrecognized param: %d for chunk %d.\n",	2087	SCTP_DEBUG_PRINTK("Unrecognized param: %d for chunk %d.\n",