1. 29 2月, 2008 1 次提交
  2. 05 2月, 2008 2 次提交
    • V
      [SCTP]: Stop claiming that this is a "reference implementation" · 60c778b2
      Vlad Yasevich 提交于
      I was notified by Randy Stewart that lksctp claims to be
      "the reference implementation".  First of all, "the
      refrence implementation" was the original implementation
      of SCTP in usersapce written ty Randy and a few others.
      Second, after looking at the definiton of 'reference implementation',
      we don't really meet the requirements.
      Signed-off-by: NVlad Yasevich <vladislav.yasevich@hp.com>
      60c778b2
    • W
      [SCTP]: Fix kernel panic while received AUTH chunk with BAD shared key identifier · 7cc08b55
      Wei Yongjun 提交于
      If SCTP-AUTH is enabled, received AUTH chunk with BAD shared key 
      identifier will cause kernel panic.
      
      Test as following:
      step1: enabled /proc/sys/net/sctp/auth_enable
      step 2:  connect  to SCTP server with auth capable. Association is 
      established between endpoints. Then send a AUTH chunk with a bad 
      shareid, SCTP server will kernel panic after received that AUTH chunk.
      
      SCTP client                   SCTP server
        INIT         ---------->  
          (with auth capable)
                     <----------    INIT-ACK
                                    (with auth capable)
        COOKIE-ECHO  ---------->
                     <----------    COOKIE-ACK
        AUTH         ---------->
      
      
      AUTH chunk is like this:
        AUTH chunk
          Chunk type: AUTH (15)
          Chunk flags: 0x00
          Chunk length: 28
          Shared key identifier: 10
          HMAC identifier: SHA-1 (1)
          HMAC: 0000000000000000000000000000000000000000
      
      The assignment of NULL to key can safely be removed, since key_for_each 
      (which is just list_for_each_entry under the covers does an initial 
      assignment to key anyway).
      
      If the endpoint_shared_keys list is empty, or if the key_id being 
      requested does not exist, the function as it currently stands returns 
      the actuall list_head (in this case endpoint_shared_keys.  Since that 
      list_head isn't surrounded by an actuall data structure, the last 
      iteration through list_for_each_entry will do a container_of on key, and 
      we wind up returning a bogus pointer, instead of NULL, as we should.
      
      > Neil Horman wrote:
      >> On Tue, Jan 22, 2008 at 05:29:20PM +0900, Wei Yongjun wrote:
      >>
      >> FWIW, Ack from me.  The assignment of NULL to key can safely be 
      >> removed, since
      >> key_for_each (which is just list_for_each_entry under the covers does 
      >> an initial
      >> assignment to key anyway).
      >> If the endpoint_shared_keys list is empty, or if the key_id being 
      >> requested does
      >> not exist, the function as it currently stands returns the actuall 
      >> list_head (in
      >> this case endpoint_shared_keys.  Since that list_head isn't 
      >> surrounded by an
      >> actuall data structure, the last iteration through 
      >> list_for_each_entry will do a
      >> container_of on key, and we wind up returning a bogus pointer, 
      >> instead of NULL,
      >> as we should.  Wei's patch corrects that.
      >>
      >> Regards
      >> Neil
      >>
      >> Acked-by: Neil Horman <nhorman@tuxdriver.com>
      >>
      >
      > Yep, the patch is correct.
      >
      > Acked-by: Vlad Yasevich <vladislav.yasevich@hp.com>
      >
      > -vlad
      >
      Signed-off-by: NWei Yongjun <yjwei@cn.fujitsu.com>
      Acked-by: NNeil Horman <nhorman@tuxdriver.com>
      Acked-by: NVlad Yasevich <vladislav.yasevich@hp.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      7cc08b55
  3. 29 11月, 2007 2 次提交
  4. 29 10月, 2007 1 次提交
  5. 27 10月, 2007 1 次提交
  6. 26 10月, 2007 1 次提交
  7. 24 10月, 2007 1 次提交
  8. 23 10月, 2007 1 次提交
  9. 11 10月, 2007 2 次提交