From owner-freebsd-net@FreeBSD.ORG Wed Jan 28 20:01:07 2009
Message-ID: <4980B747.7070400@free.fr>
Date: Wed, 28 Jan 2009 20:51:35 +0100
From: Yann WANWANSCAPPEL
To: freebsd-net@freebsd.org
Subject: SCTP, possible bug in peer authentication key
List-Id: Networking and TCP/IP with FreeBSD

Hi all,

I think I found a bug in the SCTP authentication code, in sctp_load_addresses_from_init() in sctp_pcb.c:

    keylen = sizeof(*p_random) + random_len + sizeof(*chunks) + num_chunks + sizeof(*hmacs) + hmacs_len;

The keylen calculation assumes the Chunk List Parameter (CHUNKS) vl-param was present in the received INIT packet, which can be false if the peer SCTP does not require any chunk to be authenticated (this typically occurs if the peer does not support ASCONF).

From RFC 4895, 6.1:

    * An SCTP endpoint has a list of chunks it only accepts if they are
    * received in an authenticated way. This list is included in the INIT
    * and INIT-ACK, and MAY be omitted if it is empty. Since this list
    * does not change during the lifetime of the SCTP endpoint there is no
    * problem in case of INIT collision.

This case is properly handled later in the build of the key:

    /* append in the AUTH chunks */
    if (chunks != NULL) {
        .....
    }

I think the calculated keylen should be something like this:

    keylen = sizeof(*p_random) + random_len + sizeof(*hmacs) + hmacs_len;
    if (chunks != NULL) {
        keylen += sizeof(*chunks) + num_chunks;
    }

This problem results in authenticated packets sent from the peer SCTP being discarded. The problem does not occur if the peer SCTP is modified to send an empty Chunk List Parameter (e.g. num_chunks = 0 in the decoding).

Br,
Yann
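The two keylen formulas from the mail placed beside the concatenation step, as an added C example that is neither the FreeBSD code nor the author's patch; the struct names, the constructed sample INIT (RANDOM, HMAC-ALGO, optional CHUNKS) and the helper names are my assumptions. It shows that the reported formula over-counts by the 4-byte CHUNKS header when the peer omits that parameter, so the computed key length no longer matches the key material actually assembled.

```c
#include <stdint.h>
#include <string.h>
/* RFC 4960 3.2.1 header; vlparam = header + payload; a NULL vlparam pointer = parameter absent. */
struct sctp_paramhdr { uint16_t type; uint16_t length; };
struct vlparam { struct sctp_paramhdr hdr; const uint8_t *payload; size_t payload_len; };

/* as_reported reproduces the keylen formula quoted in the mail (CHUNKS header
 * always counted); otherwise the proposed fix (CHUNKS counted only if present). */
size_t auth_keylen(const struct vlparam *rnd, const struct vlparam *chunks,
                   const struct vlparam *hmacs, int as_reported)
{
    size_t keylen = sizeof rnd->hdr + rnd->payload_len + sizeof hmacs->hdr + hmacs->payload_len;
    if (as_reported)
        keylen += sizeof(struct sctp_paramhdr) + (chunks ? chunks->payload_len : 0);
    else if (chunks != NULL)
        keylen += sizeof chunks->hdr + chunks->payload_len;
    return keylen;
}
static size_t put_param(uint8_t *dst, const struct vlparam *p)
{
    memcpy(dst, &p->hdr, sizeof p->hdr);
    memcpy(dst + sizeof p->hdr, p->payload, p->payload_len);
    return sizeof p->hdr + p->payload_len;
}
/* Concatenate RANDOM, CHUNKS (if present) and HMAC-ALGO into key[] the way the
 * "append in the AUTH chunks" step does; returns the bytes actually written. */
size_t build_auth_key(uint8_t *key, const struct vlparam *rnd,
                      const struct vlparam *chunks, const struct vlparam *hmacs)
{
    size_t n = put_param(key, rnd);
    if (chunks != NULL)
        n += put_param(key + n, chunks);
    return n + put_param(key + n, hmacs);
}

/* Constructed sample INIT (header fields in host order): 32-byte RANDOM, HMAC-ALGO
 * listing SHA-1 (1) and SHA-256 (3), CHUNKS listing ASCONF (0xc1) only if with_chunks.
 * Returns computed keylen minus bytes actually built; 0 means the two agree. */
long key_length_mismatch(int with_chunks, int as_reported)
{
    static const uint8_t random_bytes[32] = { 0xde, 0xad, 0xbe, 0xef };
    static const uint8_t hmac_ids[4] = { 0x00, 0x01, 0x00, 0x03 };
    static const uint8_t chunk_types[1] = { 0xc1 };
    struct vlparam rnd = { { 0x8002, 36 }, random_bytes, sizeof random_bytes };
    struct vlparam hmacs = { { 0x8004, 8 }, hmac_ids, sizeof hmac_ids };
    struct vlparam chunks = { { 0x8003, 5 }, chunk_types, sizeof chunk_types };
    const struct vlparam *cp = with_chunks ? &chunks : NULL;
    uint8_t key[64];
    long built = (long)build_auth_key(key, &rnd, cp, &hmacs);
    return (long)auth_keylen(&rnd, cp, &hmacs, as_reported) - built;
}
```

With CHUNKS absent the reported formula yields a 4-byte surplus, which is why the assembled key and the length fed to the HMAC disagree; with CHUNKS present, or with the proposed formula, the two match.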