[PATCH 0/3] [SCTP] AUTH Bug fixes

[PATCH 0/3] [SCTP] AUTH Bug fixes

[Vlad Yasevich]

Hi David

The following 3 paches address some issues with the AUTH implementation.
These are for 2.6.24.

Thanks
-vlad 

[PATCH 1/3] [SCTP]: Fix the name of the authentication event.

[Vlad Yasevich]

The even should be called SCTP_AUTHENTICATION_INDICATION.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
---
 include/net/sctp/user.h |    2 +-
 net/sctp/ulpevent.c     |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/net/sctp/user.h b/include/net/sctp/user.h
index 00848b6..954090b 100644
--- a/include/net/sctp/user.h
+++ b/include/net/sctp/user.h
@@ -450,7 +450,7 @@ enum sctp_sn_type {
 	SCTP_SHUTDOWN_EVENT,
 	SCTP_PARTIAL_DELIVERY_EVENT,
 	SCTP_ADAPTATION_INDICATION,
-	SCTP_AUTHENTICATION_EVENT,
+	SCTP_AUTHENTICATION_INDICATION,
 };
 
 /* Notification error codes used to fill up the error fields in some
diff --git a/net/sctp/ulpevent.c b/net/sctp/ulpevent.c
index 2c17c7e..3073143 100644
--- a/net/sctp/ulpevent.c
+++ b/net/sctp/ulpevent.c
@@ -830,7 +830,7 @@ struct sctp_ulpevent *sctp_ulpevent_make_authkey(
 	ak = (struct sctp_authkey_event *)
 		skb_put(skb, sizeof(struct sctp_authkey_event));
 
-	ak->auth_type = SCTP_AUTHENTICATION_EVENT;
+	ak->auth_type = SCTP_AUTHENTICATION_INDICATION;
 	ak->auth_flags = 0;
 	ak->auth_length = sizeof(struct sctp_authkey_event);
 
-- 
1.5.3.5

Re: [PATCH 1/3] [SCTP]: Fix the name of the authentication event.

[David Miller]

From: Vlad Yasevich <vladislav.yasevich@hp.com>
Date: Fri,  4 Jan 2008 14:45:44 -0500

> The even should be called SCTP_AUTHENTICATION_INDICATION.
> 
> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>

Applied.

[PATCH 2/3] [SCTP]: Correctly handle AUTH parameters in unexpected INIT

[Vlad Yasevich]

When processing an unexpected INIT chunk, we do not need to
do any preservation of the old AUTH parameters.  In fact,
doing such preservations will nullify AUTH and allow connection
stealing.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
---
 net/sctp/sm_statefuns.c |   22 ----------------------
 1 files changed, 0 insertions(+), 22 deletions(-)

diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index 5fb8477..d247ed4 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -1309,26 +1309,6 @@ static void sctp_tietags_populate(struct sctp_association *new_asoc,
 	new_asoc->c.initial_tsn         = asoc->c.initial_tsn;
 }
 
-static void sctp_auth_params_populate(struct sctp_association *new_asoc,
-				    const struct sctp_association *asoc)
-{
-	/* Only perform this if AUTH extension is enabled */
-	if (!sctp_auth_enable)
-		return;
-
-	/* We need to provide the same parameter information as
-	 * was in the original INIT.  This means that we need to copy
-	 * the HMACS, CHUNKS, and RANDOM parameter from the original
-	 * assocaition.
-	 */
-	memcpy(new_asoc->c.auth_random, asoc->c.auth_random,
-		sizeof(asoc->c.auth_random));
-	memcpy(new_asoc->c.auth_hmacs, asoc->c.auth_hmacs,
-		sizeof(asoc->c.auth_hmacs));
-	memcpy(new_asoc->c.auth_chunks, asoc->c.auth_chunks,
-		sizeof(asoc->c.auth_chunks));
-}
-
 /*
  * Compare vtag/tietag values to determine unexpected COOKIE-ECHO
  * handling action.
@@ -1486,8 +1466,6 @@ static sctp_disposition_t sctp_sf_do_unexpected_init(
 
 	sctp_tietags_populate(new_asoc, asoc);
 
-	sctp_auth_params_populate(new_asoc, asoc);
-
 	/* B) "Z" shall respond immediately with an INIT ACK chunk.  */
 
 	/* If there are errors need to be reported for unknown parameters,
-- 
1.5.3.5

Re: [PATCH 2/3] [SCTP]: Correctly handle AUTH parameters in unexpected INIT

[David Miller]

From: Vlad Yasevich <vladislav.yasevich@hp.com>
Date: Fri,  4 Jan 2008 14:45:45 -0500

> When processing an unexpected INIT chunk, we do not need to
> do any preservation of the old AUTH parameters.  In fact,
> doing such preservations will nullify AUTH and allow connection
> stealing.
> 
> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>

Applied.

[PATCH 3/3] [SCTP]: Add back the code that accounted for FORWARD_TSN parameter in INIT.

[Vlad Yasevich]

Some recent changes completely removed accounting for the FORWARD_TSN
parameter length in the INIT and INIT-ACK chunk.  This is wrong and
should be restored.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
---
 net/sctp/sm_make_chunk.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
index ed7c9e3..3cc629d 100644
--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -210,6 +210,9 @@ struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc,
 	chunksize = sizeof(init) + addrs_len + SCTP_SAT_LEN(num_types);
 	chunksize += sizeof(ecap_param);
 
+	if (sctp_prsctp_enable)
+		chunksize += sizeof(prsctp_param);
+
 	/* ADDIP: Section 4.2.7:
 	 *  An implementation supporting this extension [ADDIP] MUST list
 	 *  the ASCONF,the ASCONF-ACK, and the AUTH  chunks in its INIT and
@@ -369,6 +372,9 @@ struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc,
 	if (asoc->peer.ecn_capable)
 		chunksize += sizeof(ecap_param);
 
+	if (sctp_prsctp_enable)
+		chunksize += sizeof(prsctp_param);
+
 	if (sctp_addip_enable) {
 		extensions[num_ext] = SCTP_CID_ASCONF;
 		extensions[num_ext+1] = SCTP_CID_ASCONF_ACK;
-- 
1.5.3.5

Re: [PATCH 3/3] [SCTP]: Add back the code that accounted for FORWARD_TSN parameter in INIT.

[David Miller]

From: Vlad Yasevich <vladislav.yasevich@hp.com>
Date: Fri,  4 Jan 2008 14:45:46 -0500

> Some recent changes completely removed accounting for the FORWARD_TSN
> parameter length in the INIT and INIT-ACK chunk.  This is wrong and
> should be restored.
> 
> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>

Also applied, thanks Vlad.