sctp: use the correct skb for security_sctp_assoc_request - linux

diff options

author	Xin Long <lucien.xin@gmail.com>	2022-04-07 15:24:22 +0200
committer	Jakub Kicinski <kuba@kernel.org>	2022-04-08 23:38:58 +0200
commit	e2d88f9ce678cd33763826ae2f0412f181251314 (patch)
tree	4bf1cd3023f4fa5f6cd2e3f5f037fa71e8d35f06 /net/sched/cls_api.c
parent	mlxsw: i2c: Fix initialization error flow (diff)
download	linux-e2d88f9ce678cd33763826ae2f0412f181251314.tar.xz linux-e2d88f9ce678cd33763826ae2f0412f181251314.zip

sctp: use the correct skb for security_sctp_assoc_request

Yi Chen reported an unexpected sctp connection abort, and it occurred when COOKIE_ECHO is bundled with DATA Fragment by SCTP HW GSO. As the IP header is included in chunk->head_skb instead of chunk->skb, it failed to check IP header version in security_sctp_assoc_request(). According to Ondrej, SELinux only looks at IP header (address and IPsec options) and XFRM state data, and these are all included in head_skb for SCTP HW GSO packets. So fix it by using head_skb when calling security_sctp_assoc_request() in processing COOKIE_ECHO. v1->v2: - As Ondrej noticed, chunk->head_skb should also be used for security_sctp_assoc_established() in sctp_sf_do_5_1E_ca(). Fixes: e215dab1c490 ("security: call security_sctp_assoc_request in sctp_sf_do_5_1D_ce") Reported-by: Yi Chen <yiche@redhat.com> Signed-off-by: Xin Long <lucien.xin@gmail.com> Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com> Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Link: https://lore.kernel.org/r/71becb489e51284edf0c11fc15246f4ed4cef5b6.1649337862.git.lucien.xin@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Diffstat (limited to 'net/sched/cls_api.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: