Acked-by: Jon Maloy <[email protected]>

On 11/14/21 08:09, Xue, Ying wrote:

Thanks Xin! The patch looks good to me.

Acked-by: Ying Xue <[email protected]>

-----Original Message-----
From: Xin Long <[email protected]>
Sent: Saturday, November 13, 2021 3:23 AM
To: [email protected]
Subject: [tipc-discussion] [PATCH net] tipc: only accept encrypted MSG_CRYPTO msgs

The MSG_CRYPTO msgs are always encrypted and sent to other nodes for keys'
deployment. But when receiving in peers, if those nodes do not validate it and
make sure it's encrypted, one could craft a malicious MSG_CRYPTO msg to deploy
its key with no need to know other nodes' keys.
This patch is to do that by checking TIPC_SKB_CB(skb)->decrypted and discard it
if this packet never got decrypted.
Fixes: 1ef6f7c9390f ("tipc: add automatic session key exchange")
Signed-off-by: Xin Long <[email protected]>
---
net/tipc/link.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/net/tipc/link.c b/net/tipc/link.c index 1b7a487c8841..09ae8448f394
100644
--- a/net/tipc/link.c
+++ b/net/tipc/link.c
@@ -1298,8 +1298,11 @@ static bool tipc_data_input(struct tipc_link *l, struct
sk_buff *skb,
return false;
#ifdef CONFIG_TIPC_CRYPTO
case MSG_CRYPTO:
- tipc_crypto_msg_rcv(l->net, skb);
- return true;
+ if (TIPC_SKB_CB(skb)->decrypted) {
+ tipc_crypto_msg_rcv(l->net, skb);
+ return true;
+ }
+ fallthrough;
#endif
default:
pr_warn("Dropping received illegal msg type\n");
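
Review bot: the new `fallthrough;` in the MSG_CRYPTO case routes an undecrypted MSG_CRYPTO into the default branch, where the only log line is "Dropping received illegal msg type", so a rejected key-deployment message cannot be told apart from an unknown message type in the logs. Since the commit message describes this input as a crafted message, consider a dedicated message for the not-decrypted case and a rate-limited variant such as pr_warn_ratelimited(), so that a sender repeating the message cannot flood the kernel log. A one-line comment above the `if` stating that MSG_CRYPTO is only valid when TIPC_SKB_CB(skb)->decrypted is set would also document why the plaintext path is refused.
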
--
2.27.0
_______________________________________________
tipc-discussion mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/tipc-discussion