Date: Tue, 17 Sep 2019 09:46:43 +0000 (UTC) From: Michael Tuexen <tuexen@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r352438 - head/sys/netinet Message-ID: <201909170946.x8H9khmT037960@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: tuexen Date: Tue Sep 17 09:46:42 2019 New Revision: 352438 URL: https://svnweb.freebsd.org/changeset/base/352438 Log: Only allow a SCTP-AUTH shared key to be updated by the application if it is not deactivated and not used. This avoids a use-after-free problem. Reported by: da_cheng_shao@yeah.net MFC after: 3 days Modified: head/sys/netinet/sctp_auth.c Modified: head/sys/netinet/sctp_auth.c ============================================================================== --- head/sys/netinet/sctp_auth.c Tue Sep 17 08:09:39 2019 (r352437) +++ head/sys/netinet/sctp_auth.c Tue Sep 17 09:46:42 2019 (r352438) @@ -523,7 +523,7 @@ sctp_insert_sharedkey(struct sctp_keyhead *shared_keys } else if (new_skey->keyid == skey->keyid) { /* replace the existing key */ /* verify this key *can* be replaced */ - if ((skey->deactivated) && (skey->refcount > 1)) { + if ((skey->deactivated) || (skey->refcount > 1)) { SCTPDBG(SCTP_DEBUG_AUTH1, "can't replace shared key id %u\n", new_skey->keyid);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201909170946.x8H9khmT037960>