svn commit: r360975 - releng/11.3/sys/netinet
Gordon Tetlow
gordon at FreeBSD.org
Tue May 12 16:55:33 UTC 2020
Author: gordon
Date: Tue May 12 16:55:32 2020
New Revision: 360975
URL: https://svnweb.freebsd.org/changeset/base/360975
Log:
Fix improper checking in SCTP-AUTH shared key update.
Approved by: so
Security: FreeBSD-SA-20:14.sctp
Security: CVE-2019-15878
Modified:
releng/11.3/sys/netinet/sctp_auth.c
Modified: releng/11.3/sys/netinet/sctp_auth.c
==============================================================================
--- releng/11.3/sys/netinet/sctp_auth.c Tue May 12 16:54:39 2020 (r360974)
+++ releng/11.3/sys/netinet/sctp_auth.c Tue May 12 16:55:32 2020 (r360975)
@@ -521,7 +521,7 @@ sctp_insert_sharedkey(struct sctp_keyhead *shared_keys
} else if (new_skey->keyid == skey->keyid) {
/* replace the existing key */
/* verify this key *can* be replaced */
- if ((skey->deactivated) && (skey->refcount > 1)) {
+ if ((skey->deactivated) || (skey->refcount > 1)) {
SCTPDBG(SCTP_DEBUG_AUTH1,
"can't replace shared key id %u\n",
new_skey->keyid);
More information about the svn-src-releng
mailing list