svn commit: r334801 - stable/11/sys/netinet

Michael Tuexen tuexen at FreeBSD.org
Thu Jun 7 17:43:33 UTC 2018


Author: tuexen
Date: Thu Jun  7 17:43:31 2018
New Revision: 334801
URL: https://svnweb.freebsd.org/changeset/base/334801

Log:
  MFC r334725:
  
  Improve compliance with RFC 4895 and RFC 6458.
  
  Silently discard SCTP chunks which have been requested to be
  authenticated but are received unauthenticated no matter if support
  for SCTP authentication has been negotiated. This improves compliance
  with RFC 4895.
  
  When the application uses the SCTP_AUTH_CHUNK socket option to
  request a chunk to be received in an authenticated way, enable
  the SCTP authentication extension for the end-point. This improves
  compliance with RFC 6458.
  
  Discussed with:		Peter Lei
  Approved by:		re (gjb, early MFC)

Modified:
  stable/11/sys/netinet/sctp_input.c
  stable/11/sys/netinet/sctp_usrreq.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_input.c
==============================================================================
--- stable/11/sys/netinet/sctp_input.c	Thu Jun  7 17:08:36 2018	(r334800)
+++ stable/11/sys/netinet/sctp_input.c	Thu Jun  7 17:43:31 2018	(r334801)
@@ -4810,7 +4810,6 @@ process_control_chunks:
 
 		/* check to see if this chunk required auth, but isn't */
 		if ((stcb != NULL) &&
-		    (stcb->asoc.auth_supported == 1) &&
 		    sctp_auth_is_required_chunk(ch->chunk_type, stcb->asoc.local_auth_chunks) &&
 		    !stcb->asoc.authenticated) {
 			/* "silently" ignore */
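Review bot: The comment above this check, `/* check to see if this chunk required auth, but isn't */`, no longer says enough: with the `auth_supported` test removed, any chunk type listed in `stcb->asoc.local_auth_chunks` is dropped whenever `stcb->asoc.authenticated` is unset, including on associations where AUTH was never negotiated. I would spell that out, for example `/* RFC 4895: drop chunks we require to be authenticated when they arrive unauthenticated, even if AUTH was not negotiated */`, and do the same at the two SCTP_DATA checks in sctp_common_input_processing. Of the three sites only the DATA-only one shows `SCTP_STAT_INCR(sctps_recvauthmissing)` in this diff; this body and the third one continue past their hunks, so it is worth confirming they count the drop too, since a silent discard otherwise leaves nothing for an operator to see.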
@@ -5687,7 +5686,6 @@ sctp_common_input_processing(struct mbuf **mm, int iph
 		 * chunks
 		 */
 		if ((stcb != NULL) &&
-		    (stcb->asoc.auth_supported == 1) &&
 		    sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.local_auth_chunks)) {
 			/* "silently" ignore */
 			SCTP_STAT_INCR(sctps_recvauthmissing);
@@ -5729,7 +5727,6 @@ sctp_common_input_processing(struct mbuf **mm, int iph
 	 */
 	if ((length > offset) &&
 	    (stcb != NULL) &&
-	    (stcb->asoc.auth_supported == 1) &&
 	    sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.local_auth_chunks) &&
 	    !stcb->asoc.authenticated) {
 		/* "silently" ignore */

Modified: stable/11/sys/netinet/sctp_usrreq.c
==============================================================================
--- stable/11/sys/netinet/sctp_usrreq.c	Thu Jun  7 17:08:36 2018	(r334800)
+++ stable/11/sys/netinet/sctp_usrreq.c	Thu Jun  7 17:43:31 2018	(r334801)
@@ -4248,6 +4248,8 @@ sctp_setopt(struct socket *so, int optname, void *optv
 			if (sctp_auth_add_chunk(sauth->sauth_chunk, inp->sctp_ep.local_auth_chunks)) {
 				SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, EINVAL);
 				error = EINVAL;
+			} else {
+				inp->auth_supported = 1;
 			}
 			SCTP_INP_WUNLOCK(inp);
 			break;
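Review bot: The new `inp->auth_supported = 1;` is an implicit, one-way side effect of SCTP_AUTH_CHUNK that the code does not explain, and it will override an earlier explicit decision by the application to turn AUTH off on this endpoint. A one-line comment such as `/* RFC 6458: requesting an authenticated chunk enables the AUTH extension on the endpoint */` would make the intent visible. The assignment touches only `inp`, so associations that already exist presumably keep the `stcb->asoc` state they were created with; if that is intended it belongs in the comment as well. The SCTP_AUTH_CHUNK case and sctp_setopt itself begin outside the hunk.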

