Gitweb:     
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6afd2e83cd86b17b074e1854d063b8ec590d7f5b
Commit:     6afd2e83cd86b17b074e1854d063b8ec590d7f5b
Parent:     195ad6a3ac8b5c4eef4916efcb673e96e6f09d89
Author:     Vlad Yasevich <[EMAIL PROTECTED]>
AuthorDate: Thu Dec 20 14:08:04 2007 -0800
Committer:  David S. Miller <[EMAIL PROTECTED]>
CommitDate: Mon Jan 28 14:59:19 2008 -0800

    [SCTP]: Discard unauthenticated ASCONF and ASCONF ACK chunks
    
    Now that we support AUTH, discard unauthenticated ASCONF and ASCONF ACK
    chunks as mandated in the ADD-IP spec.
    
    Signed-off-by: Vlad Yasevich <[EMAIL PROTECTED]>
    Signed-off-by: David S. Miller <[EMAIL PROTECTED]>
---
 net/sctp/sm_statefuns.c |   18 ++++++++++++++++++
 1 files changed, 18 insertions(+), 0 deletions(-)

diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index d247ed4..b6aaa7e 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -3377,6 +3377,15 @@ sctp_disposition_t sctp_sf_do_asconf(const struct 
sctp_endpoint *ep,
                return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
        }
 
+       /* ADD-IP: Section 4.1.1
+        * This chunk MUST be sent in an authenticated way by using
+        * the mechanism defined in [I-D.ietf-tsvwg-sctp-auth]. If this chunk
+        * is received unauthenticated it MUST be silently discarded as
+        * described in [I-D.ietf-tsvwg-sctp-auth].
+        */
+       if (!sctp_addip_noauth && !chunk->auth)
+               return sctp_sf_discard_chunk(ep, asoc, type, arg, commands);
+
        /* Make sure that the ASCONF ADDIP chunk has a valid length.  */
        if (!sctp_chunk_length_valid(chunk, sizeof(sctp_addip_chunk_t)))
                return sctp_sf_violation_chunklen(ep, asoc, type, arg,
@@ -3463,6 +3472,15 @@ sctp_disposition_t sctp_sf_do_asconf_ack(const struct 
sctp_endpoint *ep,
                return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
        }
 
+       /* ADD-IP, Section 4.1.2:
+        * This chunk MUST be sent in an authenticated way by using
+        * the mechanism defined in [I-D.ietf-tsvwg-sctp-auth]. If this chunk
+        * is received unauthenticated it MUST be silently discarded as
+        * described in [I-D.ietf-tsvwg-sctp-auth].
+        */
+       if (!sctp_addip_noauth && !asconf_ack->auth)
+               return sctp_sf_discard_chunk(ep, asoc, type, arg, commands);
+
        /* Make sure that the ADDIP chunk has a valid length.  */
        if (!sctp_chunk_length_valid(asconf_ack, sizeof(sctp_addip_chunk_t)))
                return sctp_sf_violation_chunklen(ep, asoc, type, arg,
-
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to