From: Michael Tüxen
To: Yann WANWANSCAPPEL
Cc: freebsd-net@freebsd.org
Date: Thu, 29 Jan 2009 09:23:21 +0100
Subject: Re: SCTP, possible bug in peer authentication key
In-Reply-To: <4980B747.7070400@free.fr>

Hi Yann,

very good catch! You are right. I have committed your patch to Randall's
repository, so it will show up in the FreeBSD sources soon (next time he
syncs them)...
Best regards
Michael

On Jan 28, 2009, at 8:51 PM, Yann WANWANSCAPPEL wrote:

> Hi all,
>
> I think I found a bug in the SCTP authentication code, in
> sctp_load_addresses_from_init() in sctp_pcb.c
>
> keylen = sizeof(*p_random) + random_len + sizeof(*chunks) + num_chunks +
>     sizeof(*hmacs) + hmacs_len;
>
> The keylen calculation assumes the Chunk List Parameter (CHUNKS) vl-param
> was present in the received INIT packet, which can be false if peer SCTP
> does not require any chunk to be authenticated (this typically occurs if
> peer does not support ASCONF).
>
> From RFC 4895, 6.1:
>
> * An SCTP endpoint has a list of chunks it only accepts if they are
> * received in an authenticated way. This list is included in the INIT
> * and INIT-ACK, and MAY be omitted if it is empty. Since this list
> * does not change during the lifetime of the SCTP endpoint there is no
> * problem in case of INIT collision.
>
> This case is properly handled later in the build of the key:
>
> /* append in the AUTH chunks */
> if (chunks != NULL) {
>     .....
> }
>
> I think the calculated keylen should be something like this:
>
> keylen = sizeof(*p_random) + random_len + sizeof(*hmacs) + hmacs_len;
>
> if (chunks != NULL) {
>     keylen += sizeof(*chunks) + num_chunks;
> }
>
> This problem results in authenticated packets sent from peer SCTP to be
> discarded.
>
> The problem does not occur if peer SCTP is modified to send an empty
> Chunk List Parameter (e.g. num_chunks = 0 in the decoding).
>
> Br,
> Yann
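The following is an added stand-alone illustration of the length bug Yann describes; it is not the FreeBSD sctp_pcb.c code and does not reproduce FreeBSD's struct definitions. It assumes (per RFC 4895 section 6.1) that the shared key is the byte concatenation RANDOM || CHUNKS || HMAC-ALGO with each parameter taken as a 4-byte type/length header plus value, padding omitted, and that CHUNKS is simply absent when the peer sent none. The struct auth_params type, the sample parameter values, and the scenario helpers are constructed for the example. It puts the quoted "before" formula beside the proposed "after" formula and checks each against the length of the key actually assembled, for a peer that omits CHUNKS, one that sends it, and one that sends it empty (the workaround Yann mentions).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 4895 parameter types for RANDOM, CHUNKS and HMAC-ALGO. */
#define SCTP_RANDOM    0x8002
#define SCTP_CHUNKS    0x8003
#define SCTP_HMAC_ALGO 0x8004
#define PARAM_HDR_LEN  4   /* 16-bit type + 16-bit length, as on the wire */

/* One endpoint's view of the three parameters parsed from an INIT/INIT-ACK.
 * Assumption: a simplified stand-in for the locals of
 * sctp_load_addresses_from_init(), not FreeBSD's own structs. */
struct auth_params {
	const uint8_t *random;  size_t random_len;
	const uint8_t *chunks;  size_t num_chunks;  /* chunks == NULL: CHUNKS omitted */
	const uint8_t *hmacs;   size_t hmacs_len;
};

/* Length as computed before the fix: a CHUNKS header is always counted. */
size_t keylen_buggy(const struct auth_params *p)
{
	return PARAM_HDR_LEN + p->random_len
	     + PARAM_HDR_LEN + p->num_chunks
	     + PARAM_HDR_LEN + p->hmacs_len;
}

/* Length as proposed in the report: CHUNKS counted only when it was received. */
size_t keylen_fixed(const struct auth_params *p)
{
	size_t keylen = PARAM_HDR_LEN + p->random_len + PARAM_HDR_LEN + p->hmacs_len;
	if (p->chunks != NULL)
		keylen += PARAM_HDR_LEN + p->num_chunks;
	return keylen;
}

/* Append one parameter (header + value, no padding) in network byte order. */
static size_t put_param(uint8_t *out, uint16_t type, const uint8_t *val, size_t vlen)
{
	uint16_t len = (uint16_t)(PARAM_HDR_LEN + vlen);
	out[0] = (uint8_t)(type >> 8); out[1] = (uint8_t)type;
	out[2] = (uint8_t)(len >> 8);  out[3] = (uint8_t)len;
	memcpy(out + PARAM_HDR_LEN, val, vlen);
	return PARAM_HDR_LEN + vlen;
}

/* Assemble RANDOM || [CHUNKS] || HMAC-ALGO; returns bytes written, 0 if cap is too small. */
size_t build_key(const struct auth_params *p, uint8_t *out, size_t cap)
{
	size_t n = 0;
	if (cap < keylen_fixed(p))
		return 0;
	n += put_param(out + n, SCTP_RANDOM, p->random, p->random_len);
	if (p->chunks != NULL)   /* the "append in the AUTH chunks" branch from the report */
		n += put_param(out + n, SCTP_CHUNKS, p->chunks, p->num_chunks);
	n += put_param(out + n, SCTP_HMAC_ALGO, p->hmacs, p->hmacs_len);
	return n;
}

/* Constructed sample parameters (values are illustrative only). */
static const uint8_t sample_random[32] = { 0xde, 0xad, 0xbe, 0xef };   /* rest zero */
static const uint8_t sample_chunks[2]  = { 0xc1, 0x80 };               /* ASCONF, ASCONF-ACK */
static const uint8_t sample_hmacs[4]   = { 0x00, 0x01, 0x00, 0x03 };   /* SHA-1, SHA-256 */

enum scenario { NO_CHUNKS, WITH_CHUNKS, EMPTY_CHUNKS };

/* Peer sent no CHUNKS parameter, a populated one, or an empty one. */
struct auth_params sample_params(enum scenario s)
{
	struct auth_params p = { sample_random, sizeof sample_random,
	                         NULL, 0, sample_hmacs, sizeof sample_hmacs };
	if (s == WITH_CHUNKS)       { p.chunks = sample_chunks; p.num_chunks = sizeof sample_chunks; }
	else if (s == EMPTY_CHUNKS) { p.chunks = sample_chunks; p.num_chunks = 0; }
	return p;
}

/* Key length for a scenario by either formula (fixed != 0 selects the proposed one). */
size_t scenario_keylen(enum scenario s, int fixed)
{
	struct auth_params p = sample_params(s);
	return fixed ? keylen_fixed(&p) : keylen_buggy(&p);
}

/* Bytes the old formula over-counts relative to the key actually assembled. */
size_t excess_key_bytes(enum scenario s)
{
	uint8_t key[64];
	struct auth_params p = sample_params(s);
	return keylen_buggy(&p) - build_key(&p, key, sizeof key);
}

int main(void)
{
	printf("no CHUNKS:    buggy=%zu fixed=%zu excess=%zu\n",
	       scenario_keylen(NO_CHUNKS, 0), scenario_keylen(NO_CHUNKS, 1), excess_key_bytes(NO_CHUNKS));
	printf("with CHUNKS:  buggy=%zu fixed=%zu excess=%zu\n",
	       scenario_keylen(WITH_CHUNKS, 0), scenario_keylen(WITH_CHUNKS, 1), excess_key_bytes(WITH_CHUNKS));
	printf("empty CHUNKS: buggy=%zu fixed=%zu excess=%zu\n",
	       scenario_keylen(EMPTY_CHUNKS, 0), scenario_keylen(EMPTY_CHUNKS, 1), excess_key_bytes(EMPTY_CHUNKS));
	return 0;
}
```

In the NO_CHUNKS case the old formula claims four bytes more than the key that gets built, so the local endpoint keys its HMAC with a 48-byte buffer whose tail was never filled while the peer keys with the 44 bytes it actually sent; the two MACs cannot agree and the peer's AUTH-protected chunks are dropped, which is the symptom Yann reports. With a populated or an empty CHUNKS parameter both formulas yield the same value, matching his observation that sending an empty Chunk List Parameter avoids the problem.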