Date: Thu, 7 Jun 2018 17:43:31 +0000 (UTC)
From: Michael Tuexen <tuexen@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r334801 - stable/11/sys/netinet
Message-ID: <201806071743.w57HhVv1064440@repo.freebsd.org>
Author: tuexen Date: Thu Jun 7 17:43:31 2018 New Revision: 334801 URL: https://svnweb.freebsd.org/changeset/base/334801 Log: MFC r334725: Improve compliance with RFC 4895 and RFC 6458. Silently discard SCTP chunks which have been requested to be authenticated but are received unauthenticated no matter if support for SCTP authentication has been negotiated. This improves compliance with RFC 4895. When the application uses the SCTP_AUTH_CHUNK socket option to request a chunk to be received in an authenticated way, enable the SCTP authentication extension for the end-point. This improves compliance with RFC 6458. Discussed with: Peter Lei Approved by: re (gjb, early MFC) Modified: stable/11/sys/netinet/sctp_input.c stable/11/sys/netinet/sctp_usrreq.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_input.c ============================================================================== --- stable/11/sys/netinet/sctp_input.c Thu Jun 7 17:08:36 2018 (r334800) +++ stable/11/sys/netinet/sctp_input.c Thu Jun 7 17:43:31 2018 (r334801) @@ -4810,7 +4810,6 @@ process_control_chunks: /* check to see if this chunk required auth, but isn't */ if ((stcb != NULL) && - (stcb->asoc.auth_supported == 1) && sctp_auth_is_required_chunk(ch->chunk_type, stcb->asoc.local_auth_chunks) && !stcb->asoc.authenticated) { /* "silently" ignore */ @@ -5687,7 +5686,6 @@ sctp_common_input_processing(struct mbuf **mm, int iph * chunks */ if ((stcb != NULL) && - (stcb->asoc.auth_supported == 1) && sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.local_auth_chunks)) { /* "silently" ignore */ SCTP_STAT_INCR(sctps_recvauthmissing); 
@@ -5729,7 +5727,6 @@ sctp_common_input_processing(struct mbuf **mm, int iph */ if ((length > offset) && (stcb != NULL) && - (stcb->asoc.auth_supported == 1) && sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.local_auth_chunks) && !stcb->asoc.authenticated) { /* "silently" ignore */ Modified: stable/11/sys/netinet/sctp_usrreq.c ============================================================================== --- stable/11/sys/netinet/sctp_usrreq.c Thu Jun 7 17:08:36 2018 (r334800) +++ stable/11/sys/netinet/sctp_usrreq.c Thu Jun 7 17:43:31 2018 (r334801) @@ -4248,6 +4248,8 @@ sctp_setopt(struct socket *so, int optname, void *optv if (sctp_auth_add_chunk(sauth->sauth_chunk, inp->sctp_ep.local_auth_chunks)) { SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, EINVAL); error = EINVAL; + } else { + inp->auth_supported = 1; } SCTP_INP_WUNLOCK(inp); break;
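Review bot: In the first sctp_input.c hunk (@@ -4810, process_control_chunks), with the `(stcb->asoc.auth_supported == 1)` guard gone, `sctp_auth_is_required_chunk(ch->chunk_type, stcb->asoc.local_auth_chunks)` now runs for every association. Please confirm that `local_auth_chunks` is always populated on associations where authentication was never negotiated, or add a NULL check before the call.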
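Review bot: In the second sctp_input.c hunk (@@ -5687, sctp_common_input_processing), `SCTP_STAT_INCR(sctps_recvauthmissing)` is now also reached on associations where authentication was not negotiated. The comment block ending in `* chunks */` above the condition should say that the discard applies regardless of negotiation, per RFC 4895, so that a rise in this counter is read correctly.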
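Review bot: The condition in the third sctp_input.c hunk (@@ -5729) repeats the `stcb != NULL`, `sctp_auth_is_required_chunk(...)`, `!stcb->asoc.authenticated` test from the @@ -4810 hunk, differing only in the chunk type passed. Consider factoring it into a small helper so that a later change to the discard rule cannot be applied at one site and missed at another; the three identical deletions in this file show how easily the sites drift together or apart.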
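Review bot: In the sctp_usrreq.c hunk, the new else branch sets `inp->auth_supported = 1` unconditionally, overwriting whatever value the endpoint had before, and nothing in the hunk documents that side effect. Add a short comment at the assignment citing RFC 6458, and state in the socket option documentation that a successful SCTP_AUTH_CHUNK request enables the authentication extension for the end-point.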