Re: [PATCHv2 net] sctp: use the correct skb for security_sctp_assoc_request

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Thu, Apr 07, 2022 at 09:24:22AM -0400, Xin Long wrote:
> Yi Chen reported an unexpected sctp connection abort, and it occurred when
> COOKIE_ECHO is bundled with DATA Fragment by SCTP HW GSO. As the IP header
> is included in chunk->head_skb instead of chunk->skb, it failed to check
> IP header version in security_sctp_assoc_request().
> According to Ondrej, SELinux only looks at IP header (address and IPsec
> options) and XFRM state data, and these are all included in head_skb for
> SCTP HW GSO packets. So fix it by using head_skb when calling
> security_sctp_assoc_request() in processing COOKIE_ECHO.
> v1->v2:
>   - As Ondrej noticed, chunk->head_skb should also be used for
>     security_sctp_assoc_established() in sctp_sf_do_5_1E_ca().
> Fixes: e215dab1c490 ("security: call security_sctp_assoc_request in sctp_sf_do_5_1D_ce")
> Reported-by: Yi Chen <yiche@xxxxxxxxxx>
> Signed-off-by: Xin Long <>

Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx>

[Index of Archives]     [Linux Networking Development]     [Linux OMAP]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     SCTP

  Powered by Linux