From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Xin Long , Marcelo Ricardo Leitner , Jakub Kicinski , Sasha Levin Subject: [PATCH 5.4 41/51] sctp: use init_tag from inithdr for ABORT chunk Date: Mon, 1 Nov 2021 10:17:45 +0100 Message-Id: <20211101082510.253739069@linuxfoundation.org> X-Mailer: git-send-email 2.33.1 In-Reply-To: <20211101082500.203657870@linuxfoundation.org> References: <20211101082500.203657870@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Xin Long [ Upstream commit 4f7019c7eb33967eb87766e0e4602b5576873680 ] Currently Linux SCTP uses the verification tag of the existing SCTP asoc when failing to process and sending the packet with the ABORT chunk. This will result in the peer accepting the ABORT chunk and removing the SCTP asoc. One could exploit this to terminate a SCTP asoc. This patch is to fix it by always using the initiate tag of the received INIT chunk for the ABORT chunk to be sent. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Xin Long Acked-by: Marcelo Ricardo Leitner Signed-off-by: Jakub Kicinski Signed-off-by: Sasha Levin --- net/sctp/sm_statefuns.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c index 82a202d71a31..962b848459f5 100644 --- a/net/sctp/sm_statefuns.c +++ b/net/sctp/sm_statefuns.c @@ -6248,6 +6248,7 @@ static struct sctp_packet *sctp_ootb_pkt_new( * yet. */ switch (chunk->chunk_hdr->type) { + case SCTP_CID_INIT: case SCTP_CID_INIT_ACK: { struct sctp_initack_chunk *initack; -- 2.33.0
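Review bot: In the sctp_ootb_pkt_new() hunk, the added `case SCTP_CID_INIT:` label falls through into the INIT_ACK block and reads an INIT chunk through `struct sctp_initack_chunk *initack`, with nothing in the code saying the fall-through and the type reuse are intended. INIT and INIT ACK carry the initiate tag at the same position, so the read is correct, but a one-line comment on the new case (for example, that INIT shares the init header layout with INIT ACK and its init_tag becomes the vtag of the outgoing ABORT) would stop a later reader from treating it as a missing `break`. The visible context also does not show a length check before the init header is dereferenced. Since this path handles packets from an unverified peer, it is worth confirming that every caller reaching this switch with an INIT chunk has already validated that the chunk is at least as long as the init header, and stating that in the commit message.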