From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Xin Long , Marcelo Ricardo Leitner , Jakub Kicinski , Sasha Levin Subject: [PATCH 5.14 099/125] sctp: use init_tag from inithdr for ABORT chunk Date: Mon, 1 Nov 2021 10:17:52 +0100 Message-Id: <20211101082551.857609767@linuxfoundation.org> X-Mailer: git-send-email 2.33.1 In-Reply-To: <20211101082533.618411490@linuxfoundation.org> References: <20211101082533.618411490@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Xin Long [ Upstream commit 4f7019c7eb33967eb87766e0e4602b5576873680 ] Currently Linux SCTP uses the verification tag of the existing SCTP asoc when failing to process and sending the packet with the ABORT chunk. This will result in the peer accepting the ABORT chunk and removing the SCTP asoc. One could exploit this to terminate a SCTP asoc. This patch is to fix it by always using the initiate tag of the received INIT chunk for the ABORT chunk to be sent. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Xin Long Acked-by: Marcelo Ricardo Leitner Signed-off-by: Jakub Kicinski Signed-off-by: Sasha Levin --- net/sctp/sm_statefuns.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c index 32df65f68c12..7f8306968c39 100644 --- a/net/sctp/sm_statefuns.c +++ b/net/sctp/sm_statefuns.c @@ -6348,6 +6348,7 @@ static struct sctp_packet *sctp_ootb_pkt_new( * yet. */ switch (chunk->chunk_hdr->type) { + case SCTP_CID_INIT: case SCTP_CID_INIT_ACK: { struct sctp_initack_chunk *initack; -- 2.33.0
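Review bot: In the `switch (chunk->chunk_hdr->type)` block, the new `case SCTP_CID_INIT:` label falls through into the `SCTP_CID_INIT_ACK` body, which declares `struct sctp_initack_chunk *initack;`, so an INIT chunk is now read through the INIT ACK type with nothing in the code saying why that is safe. A one-line comment at the new label stating that both chunk types carry the initiate tag in the same init header would help, as would updating the comment that ends just above the switch if it only describes the INIT ACK case. Since the commit message describes this tag choice as closing a way to terminate an existing association, it is also worth confirming in review that the chunk length has been validated to cover the init header before this block reads the tag, because that check is not visible in the hunk.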