git.stricted.de - GitHub/LineageOS/G12/android_kernel_amlogic

author	Xin Long <lucien.xin@gmail.com>
	Sat, 5 May 2018 06:59:47 +0000 (14:59 +0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 19 May 2018 08:26:59 +0000 (10:26 +0200)
commit	0e67ad52f9d181411918546f64f2c694dca53bbf
tree	35d750f61a3e71bbdf37319a017e081a01296960	tree \| snapshot (tar.gz zip)
parent	db869e7dd670f2991030b226d44e5de3a82987b1	commit \| diff

sctp: delay the authentication for the duplicated cookie-echo chunk

[ Upstream commit 59d8d4434f429b4fa8a346fd889058bda427a837 ]

Now sctp only delays the authentication for the normal cookie-echo
chunk by setting chunk->auth_chunk in sctp_endpoint_bh_rcv(). But
for the duplicated one with auth, in sctp_assoc_bh_rcv(), it does
authentication first based on the old asoc, which will definitely
fail due to the different auth info in the old asoc.

The duplicated cookie-echo chunk will create a new asoc with the
auth info from this chunk, and the authentication should also be
done with the new asoc's auth info for all of the collision 'A',
'B' and 'D'. Otherwise, the duplicated cookie-echo chunk with auth
will never pass the authentication and create the new connection.

This issue exists since very beginning, and this fix is to make
sctp_assoc_bh_rcv() follow the way sctp_endpoint_bh_rcv() does
for the normal cookie-echo chunk to delay the authentication.

While at it, remove the unused params from sctp_sf_authenticate()
and define sctp_auth_chunk_verify() used for all the places that
do the delayed authentication.

v1->v2:
fix the typo in changelog as Marcelo noticed.

Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

net/sctp/associola.c		diff \| blob \| blame \| history
net/sctp/sm_statefuns.c		diff \| blob \| blame \| history