Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 67ac3b4c authored by Sriram Yagnaraman's avatar Sriram Yagnaraman Committed by Greg Kroah-Hartman
Browse files

netfilter: conntrack: fix vtag checks for ABORT/SHUTDOWN_COMPLETE 



[ Upstream commit a9993591fa94246b16b444eea55d84c54608282a ]

RFC 9260, Sec 8.5.1 states that for ABORT/SHUTDOWN_COMPLETE, the chunk
MUST be accepted if the vtag of the packet matches its own tag and the
T bit is not set OR if it is set to its peer's vtag and the T bit is set
in chunk flags. Otherwise the packet MUST be silently dropped.

Update vtag verification for ABORT/SHUTDOWN_COMPLETE based on the above
description.

Fixes: 9fb9cbb1 ("[NETFILTER]: Add nf_conntrack subsystem.")
Signed-off-by: default avatarSriram Yagnaraman <sriram.yagnaraman@est.tech>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
parent 8f0eb24f

net/netfilter/nf_conntrack_proto_sctp.c

+16 −9
Original line number Diff line number Diff line
@@ -412,22 +412,29 @@ int nf_conntrack_sctp_packet(struct nf_conn *ct, 
	for_each_sctp_chunk (skb, sch, _sch, offset, dataoff, count) {

		/* Special cases of Verification tag check (Sec 8.5.1) */

		if (sch->type == SCTP_CID_INIT) {

			/* Sec 8.5.1 (A) */

			/* (A) vtag MUST be zero */

			if (sh->vtag != 0)

				goto out_unlock;

		} else if (sch->type == SCTP_CID_ABORT) {

			/* Sec 8.5.1 (B) */

			if (sh->vtag != ct->proto.sctp.vtag[dir] &&

			    sh->vtag != ct->proto.sctp.vtag[!dir])

			/* (B) vtag MUST match own vtag if T flag is unset OR

			 * MUST match peer's vtag if T flag is set

			 */

			if ((!(sch->flags & SCTP_CHUNK_FLAG_T) &&

			     sh->vtag != ct->proto.sctp.vtag[dir]) ||

			    ((sch->flags & SCTP_CHUNK_FLAG_T) &&

			     sh->vtag != ct->proto.sctp.vtag[!dir]))

				goto out_unlock;

		} else if (sch->type == SCTP_CID_SHUTDOWN_COMPLETE) {

			/* Sec 8.5.1 (C) */

			if (sh->vtag != ct->proto.sctp.vtag[dir] &&

			    sh->vtag != ct->proto.sctp.vtag[!dir] &&

			    sch->flags & SCTP_CHUNK_FLAG_T)

			/* (C) vtag MUST match own vtag if T flag is unset OR

			 * MUST match peer's vtag if T flag is set

			 */

			if ((!(sch->flags & SCTP_CHUNK_FLAG_T) &&

			     sh->vtag != ct->proto.sctp.vtag[dir]) ||

			    ((sch->flags & SCTP_CHUNK_FLAG_T) &&

			     sh->vtag != ct->proto.sctp.vtag[!dir]))

				goto out_unlock;

		} else if (sch->type == SCTP_CID_COOKIE_ECHO) {

			/* Sec 8.5.1 (D) */

			/* (D) vtag must be same as init_vtag as found in INIT_ACK */

			if (sh->vtag != ct->proto.sctp.vtag[dir])

				goto out_unlock;

		} else if (sch->type == SCTP_CID_HEARTBEAT) {