Date: Wed, 6 Jun 2018 19:27:07 +0000 (UTC) From: Michael Tuexen <tuexen@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r334725 - head/sys/netinet Message-ID: <201806061927.w56JR7xc090826@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: tuexen Date: Wed Jun 6 19:27:06 2018 New Revision: 334725 URL: https://svnweb.freebsd.org/changeset/base/334725 Log: Improve compliance with RFC 4895 and RFC 6458. Silently dicard SCTP chunks which have been requested to be authenticated but are received unauthenticated no matter if support for SCTP authentication has been negotiated. This improves compliance with RFC 4895. When the application uses the SCTP_AUTH_CHUNK socket option to request a chunk to be received in an authenticated way, enable the SCTP authentication extension for the end-point. This improves compliance with RFC 6458. Discussed with: Peter Lei MFC after: 3 days Modified: head/sys/netinet/sctp_input.c head/sys/netinet/sctp_usrreq.c Modified: head/sys/netinet/sctp_input.c ============================================================================== --- head/sys/netinet/sctp_input.c Wed Jun 6 18:52:33 2018 (r334724) +++ head/sys/netinet/sctp_input.c Wed Jun 6 19:27:06 2018 (r334725) @@ -4809,7 +4809,6 @@ process_control_chunks: /* check to see if this chunk required auth, but isn't */ if ((stcb != NULL) && - (stcb->asoc.auth_supported == 1) && sctp_auth_is_required_chunk(ch->chunk_type, stcb->asoc.local_auth_chunks) && !stcb->asoc.authenticated) { /* "silently" ignore */ @@ -5698,7 +5697,6 @@ sctp_common_input_processing(struct mbuf **mm, int iph * chunks */ if ((stcb != NULL) && - (stcb->asoc.auth_supported == 1) && sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.local_auth_chunks)) { /* "silently" ignore */ SCTP_STAT_INCR(sctps_recvauthmissing); @@ -5740,7 +5738,6 @@ sctp_common_input_processing(struct mbuf **mm, int iph */ if ((length > offset) && (stcb != NULL) && - (stcb->asoc.auth_supported == 1) && sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.local_auth_chunks) && !stcb->asoc.authenticated) { /* "silently" ignore */ Modified: head/sys/netinet/sctp_usrreq.c ============================================================================== --- head/sys/netinet/sctp_usrreq.c Wed Jun 6 18:52:33 2018 (r334724) +++ head/sys/netinet/sctp_usrreq.c Wed Jun 6 19:27:06 2018 (r334725) @@ -4250,6 +4250,8 @@ sctp_setopt(struct socket *so, int optname, void *optv if (sctp_auth_add_chunk(sauth->sauth_chunk, inp->sctp_ep.local_auth_chunks)) { SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, EINVAL); error = EINVAL; + } else { + inp->auth_supported = 1; } SCTP_INP_WUNLOCK(inp); break;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201806061927.w56JR7xc090826>