Date: Tue, 12 May 2020 16:55:32 +0000 (UTC) From: Gordon Tetlow <gordon@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r360975 - releng/11.3/sys/netinet Message-ID: <202005121655.04CGtWYR063859@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: gordon Date: Tue May 12 16:55:32 2020 New Revision: 360975 URL: https://svnweb.freebsd.org/changeset/base/360975 Log: Fix improper checking in SCTP-AUTH shared key update. Approved by: so Security: FreeBSD-SA-20:14.sctp Security: CVE-2019-15878 Modified: releng/11.3/sys/netinet/sctp_auth.c Modified: releng/11.3/sys/netinet/sctp_auth.c ============================================================================== --- releng/11.3/sys/netinet/sctp_auth.c Tue May 12 16:54:39 2020 (r360974) +++ releng/11.3/sys/netinet/sctp_auth.c Tue May 12 16:55:32 2020 (r360975) @@ -521,7 +521,7 @@ sctp_insert_sharedkey(struct sctp_keyhead *shared_keys } else if (new_skey->keyid == skey->keyid) { /* replace the existing key */ /* verify this key *can* be replaced */ - if ((skey->deactivated) && (skey->refcount > 1)) { + if ((skey->deactivated) || (skey->refcount > 1)) { SCTPDBG(SCTP_DEBUG_AUTH1, "can't replace shared key id %u\n", new_skey->keyid);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202005121655.04CGtWYR063859>