author Xin Long <lucien.xin@gmail.com> 2021-10-20 07:42:41 -0400
committer Jakub Kicinski <kuba@kernel.org> 2021-10-22 12:36:43 -0700
commit 4f7019c7eb33967eb87766e0e4602b5576873680 (patch)
tree 8fd9b74c6777b9f456d7185d324b20fb9eda1a71
parent 7f678def99d29c520418607509bb19c7fc96a6db (diff)
download linux-4f7019c7eb33967eb87766e0e4602b5576873680.tar.gz
sctp: use init_tag from inithdr for ABORT chunk
Currently Linux SCTP uses the verification tag of the existing SCTP asoc when failing to process and sending the packet with the ABORT chunk. This will result in the peer accepting the ABORT chunk and removing the SCTP asoc. One could exploit this to terminate a SCTP asoc.

This patch is to fix it by always using the initiate tag of the received INIT chunk for the ABORT chunk to be sent.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-rw-r--r-- net/sctp/sm_statefuns.c 1
1 files changed, 1 insertions, 0 deletions
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index 32df65f68c123..7f8306968c393 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -6348,6 +6348,7 @@ static struct sctp_packet *sctp_ootb_pkt_new(
* yet.
*/
switch (chunk->chunk_hdr->type) {
+ case SCTP_CID_INIT:
case SCTP_CID_INIT_ACK:
{
struct sctp_initack_chunk *initack;
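
Review bot: The new `case SCTP_CID_INIT:` label falls through into the `SCTP_CID_INIT_ACK` block, which reads the chunk through `struct sctp_initack_chunk *initack`, so an INIT chunk is now parsed via a type and a variable named for INIT ACK with nothing in the code saying this is deliberate. A one-line comment at the label stating that INIT and INIT ACK carry the initiate tag at the same position, or an update to the comment block above the switch so that it mentions INIT, would keep a later reader from treating the stacked labels as an accident. The rest of the block is outside the visible context, so it is also worth confirming that the chunk length is checked to cover the init header before the tag is read, since `sctp_ootb_pkt_new()` builds replies to packets that matched no association state.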