Thanks Xin! The patch looks good to me.
Acked-by: Ying Xue <ying....@windriver.com>
-----Original Message-----
From: Xin Long <lucien....@gmail.com>
Sent: Saturday, November 13, 2021 3:23 AM
To: tipc-discussion@lists.sourceforge.net
Subject: [tipc-discussion] [PATCH net] tipc: only accept encrypted MSG_CRYPTO
msgs
The MSG_CRYPTO msgs are always encrypted and sent to other nodes for keys'
deployment. But when receiving in peers, if those nodes do not validate it and
make sure it's encrypted, one could craft a malicious MSG_CRYPTO msg to deploy
its key with no need to know other nodes' keys.
This patch is to do that by checking TIPC_SKB_CB(skb)->decrypted and discard it
if this packet never got decrypted.
Fixes: 1ef6f7c9390f ("tipc: add automatic session key exchange")
Signed-off-by: Xin Long <lucien....@gmail.com>
---
net/tipc/link.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/net/tipc/link.c b/net/tipc/link.c index 1b7a487c8841..09ae8448f394
100644
--- a/net/tipc/link.c
+++ b/net/tipc/link.c
@@ -1298,8 +1298,11 @@ static bool tipc_data_input(struct tipc_link *l, struct
sk_buff *skb,
return false;
#ifdef CONFIG_TIPC_CRYPTO
case MSG_CRYPTO:
- tipc_crypto_msg_rcv(l->net, skb);
- return true;
+ if (TIPC_SKB_CB(skb)->decrypted) {
+ tipc_crypto_msg_rcv(l->net, skb);
+ return true;
+ }
+ fallthrough;
#endif
default:
pr_warn("Dropping received illegal msg type\n");
--
2.27.0
_______________________________________________
tipc-discussion mailing list
tipc-discussion@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tipc-discussion
_______________________________________________
tipc-discussion mailing list
tipc-discussion@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tipc-discussion
