提交 · 7cc08b55fc476a9474e4dc9da41071b5dc2b406e · gsplhtlxg / clone-Linux

05 2月, 2008 1 次提交

[SCTP]: Fix kernel panic while received AUTH chunk with BAD shared key identifier · 7cc08b55

由 Wei Yongjun 提交于 2月 05, 2008

If SCTP-AUTH is enabled, received AUTH chunk with BAD shared key 
identifier will cause kernel panic.

Test as following:
step1: enabled /proc/sys/net/sctp/auth_enable
step 2:  connect  to SCTP server with auth capable. Association is 
established between endpoints. Then send a AUTH chunk with a bad 
shareid, SCTP server will kernel panic after received that AUTH chunk.

SCTP client                   SCTP server
  INIT         ---------->  
    (with auth capable)
               <----------    INIT-ACK
                              (with auth capable)
  COOKIE-ECHO  ---------->
               <----------    COOKIE-ACK
  AUTH         ---------->

AUTH chunk is like this:
  AUTH chunk
    Chunk type: AUTH (15)
    Chunk flags: 0x00
    Chunk length: 28
    Shared key identifier: 10
    HMAC identifier: SHA-1 (1)
    HMAC: 0000000000000000000000000000000000000000

The assignment of NULL to key can safely be removed, since key_for_each 
(which is just list_for_each_entry under the covers does an initial 
assignment to key anyway).

If the endpoint_shared_keys list is empty, or if the key_id being 
requested does not exist, the function as it currently stands returns 
the actuall list_head (in this case endpoint_shared_keys.  Since that 
list_head isn't surrounded by an actuall data structure, the last 
iteration through list_for_each_entry will do a container_of on key, and 
we wind up returning a bogus pointer, instead of NULL, as we should.

> Neil Horman wrote:
>> On Tue, Jan 22, 2008 at 05:29:20PM +0900, Wei Yongjun wrote:
>>
>> FWIW, Ack from me.  The assignment of NULL to key can safely be 
>> removed, since
>> key_for_each (which is just list_for_each_entry under the covers does 
>> an initial
>> assignment to key anyway).
>> If the endpoint_shared_keys list is empty, or if the key_id being 
>> requested does
>> not exist, the function as it currently stands returns the actuall 
>> list_head (in
>> this case endpoint_shared_keys.  Since that list_head isn't 
>> surrounded by an
>> actuall data structure, the last iteration through 
>> list_for_each_entry will do a
>> container_of on key, and we wind up returning a bogus pointer, 
>> instead of NULL,
>> as we should.  Wei's patch corrects that.
>>
>> Regards
>> Neil
>>
>> Acked-by: Neil Horman <nhorman@tuxdriver.com>
>>
>
> Yep, the patch is correct.
>
> Acked-by: Vlad Yasevich <vladislav.yasevich@hp.com>
>
> -vlad
>
Signed-off-by: NWei Yongjun <yjwei@cn.fujitsu.com>
Acked-by: NNeil Horman <nhorman@tuxdriver.com>
Acked-by: NVlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

7cc08b55

29 11月, 2007 2 次提交

SCTP: Fix build issues with SCTP AUTH. · b7e0fe9f

由 Vlad Yasevich 提交于 11月 29, 2007

SCTP-AUTH requires selection of CRYPTO, HMAC and SHA1 since
SHA1 is a MUST requirement for AUTH.  We also support SHA256,
but that's optional, so fix the code to treat it as such.
Signed-off-by: NVlad Yasevich <vladislav.yasevich@hp.com>

b7e0fe9f

SCTP: Fix chunk acceptance when no authenticated chunks were listed. · 555d3d5d

由 Vlad Yasevich 提交于 11月 29, 2007

In the case where no autheticated chunks were specified, we were still
trying to verify that a given chunk needs authentication and doing so
incorrectly. Add a check for parameter length to make sure we don't
try to use an empty auth_chunks parameter to verify against.
Signed-off-by: NVlad Yasevich <vladislav.yasevich@hp.com>

555d3d5d

29 10月, 2007 1 次提交

SCTP endianness annotations regression · d06f6082

由 Al Viro 提交于 10月 29, 2007

Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
Acked-by: NDavid S. Miller <davem@davemloft.net>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

d06f6082

27 10月, 2007 1 次提交

[CRYPTO] users: Fix up scatterlist conversion errors · 68e3f5dd

由 Herbert Xu 提交于 10月 27, 2007

This patch fixes the errors made in the users of the crypto layer during
the sg_init_table conversion.  It also adds a few conversions that were
missing altogether.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

68e3f5dd

26 10月, 2007 1 次提交

[SCTP] net/sctp/auth.c: make 3 functions static · 8ad7c62b

由 Adrian Bunk 提交于 10月 26, 2007

This patch makes three needlessly global functions static.
Signed-off-by: NAdrian Bunk <bunk@kernel.org>
Acked-by: NVlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

8ad7c62b

24 10月, 2007 1 次提交

SG: Change sg_set_page() to take length and offset argument · 642f1490

由 Jens Axboe 提交于 10月 24, 2007

Most drivers need to set length and offset as well, so may as well fold
those three lines into one.

Add sg_assign_page() for those two locations that only needed to set
the page, where the offset/length is set outside of the function context.
Signed-off-by: NJens Axboe <jens.axboe@oracle.com>

642f1490

23 10月, 2007 1 次提交
- J
  Update net/ to use sg helpers · fa05f128
  由 Jens Axboe 提交于 10月 22, 2007
```
Signed-off-by: NJens Axboe <jens.axboe@oracle.com>
```
  fa05f128
11 10月, 2007 2 次提交

[SCTP]: API updates to suport SCTP-AUTH extensions. · 65b07e5d

由 Vlad Yasevich 提交于 9月 16, 2007

Add SCTP-AUTH API.  The API implemented here was
agreed to between implementors at the 9th SCTP Interop.
It will be documented in the next revision of the
SCTP socket API spec.
Signed-off-by: NVlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

65b07e5d

[SCTP]: Implement SCTP-AUTH internals · 1f485649

由 Vlad Yasevich 提交于 10月 09, 2007

This patch implements the internals operations of the AUTH, such as
key computation and storage.  It also adds necessary variables to
the SCTP data structures.
Signed-off-by: NVlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

1f485649