SCTP, possible bug in peer authentication key
Randall Stewart
rrs at lakerest.net
Mon Feb 9 12:23:52 PST 2009
Note that all of these changes are now in Head.. however
I am not sure of the likelihood of them moving into 7 since
the xsctp_xxxx changes for the mib (rwnd and assoc_id) break
ABI compatibility. I have now (in head) padded up the structures
at the end (in case we need to add more). But in general this
means I cannot commit to stable many changes. I will go back and
see what can be done :-(
I may be able to do some "ifdef" and other magic so I can
pull in the changes that have gone on.. not sure.
R
On Jan 29, 2009, at 12:29 PM, Peter Lei wrote:
> There's a corresponding change that is needed for pulling the auth info
> out of the cookie for the other direction (i.e. server side handling). I've
> committed that into the SCTP project repo, and should also get in with
> Randall's next commit.
>
> --peter
>
> On Jan 29, 2009, at 2:23 AM, Michael Tüxen wrote:
>
>> Hi Yann,
>>
>> very good catch! You are right.
>>
>> I have committed your patch to Randall's repository, so it will
>> show up in the FreeBSD sources soon (next time he syncs them)...
>>
>> Best regards
>> Michael
>>
>> On Jan 28, 2009, at 8:51 PM, Yann WANWANSCAPPEL wrote:
>>
>>> Hi all,
>>>
>>> I think I found a bug in the SCTP authentication code, in
>>> sctp_load_addresses_from_init() in sctp_pcb.c
>>>
>>> keylen = sizeof(*p_random) + random_len + sizeof(*chunks) + num_chunks +
>>>          sizeof(*hmacs) + hmacs_len;
>>>
>>> The keylen calculation assumes the Chunk List Parameter (CHUNKS)
>>> vl-param was present in the received INIT packet, which can be false if
>>> peer SCTP does not require any chunk to be authenticated (this typically
>>> occurs if peer does not support ASCONF).
>>>
>>> From RFC 4895, 6.1
>>>
>>> * An SCTP endpoint has a list of chunks it only accepts if they are
>>> * received in an authenticated way. This list is included in the INIT
>>> * and INIT-ACK, and MAY be omitted if it is empty. Since this list
>>> * does not change during the lifetime of the SCTP endpoint there is no
>>> * problem in case of INIT collision.
>>>
>>> This case is properly handled later in the build of the key
>>>
>>> /* append in the AUTH chunks */
>>> if (chunks != NULL) {
>>> .....
>>> }
>>>
>>> I think the calculated keylen should be something like this :
>>>
>>> keylen = sizeof(*p_random) + random_len + sizeof(*hmacs) + hmacs_len;
>>>
>>> if (chunks != NULL) {
>>>         keylen += sizeof(*chunks) + num_chunks;
>>> }
>>>
>>> This problem results in authenticated packets sent from peer SCTP to be
>>> discarded.
>>>
>>> The problem does not occur if peer SCTP is modified to send an empty
>>> Chunk List Parameter, (e.g. num_chunks = 0 in the decoding).
>>>
>>> Br,
>>> Yann
>>>
>>> _______________________________________________
>>> freebsd-net at freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>>> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>>>
>>
>
------------------------------
Randall Stewart
803-317-4952 (cell)
803-345-0391(direct)
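The keylen mismatch Yann reports, worked through as an added example that is not code from this thread or from the FreeBSD sources: a small walk over a constructed INIT parameter list computes the RFC 4895 section 6.1 key length (RANDOM || CHUNKS || HMAC-ALGO, headers included, padding excluded) both the reported way and the corrected way. The parameter type and HMAC identifier values are the RFC's; the sample parameter bytes, including the short 8-byte RANDOM, are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* RFC 4895 parameter types and the 4-byte Type/Length parameter header
 * (the header is what sizeof(*chunks) denotes in the thread). */
#define PARAM_RANDOM     0x8002
#define PARAM_CHUNK_LIST 0x8003
#define PARAM_HMAC_ALGO  0x8004
#define PARAM_HDR_LEN    4

struct auth_params {
    size_t random_len, chunks_len, hmacs_len; /* header included, padding excluded */
    int have_random, have_chunks, have_hmacs;
};

/* Walk the INIT's variable-length parameters and record the AUTH-related ones. */
static int scan_auth_params(const uint8_t *p, size_t total, struct auth_params *ap)
{
    size_t off = 0;
    *ap = (struct auth_params){0};
    while (off + PARAM_HDR_LEN <= total) {
        uint16_t type = (uint16_t)(p[off] << 8 | p[off + 1]);
        uint16_t len  = (uint16_t)(p[off + 2] << 8 | p[off + 3]);
        if (len < PARAM_HDR_LEN || off + len > total) return 0;   /* malformed */
        if (type == PARAM_RANDOM)     { ap->have_random = 1; ap->random_len = len; }
        if (type == PARAM_CHUNK_LIST) { ap->have_chunks = 1; ap->chunks_len = len; }
        if (type == PARAM_HMAC_ALGO)  { ap->have_hmacs  = 1; ap->hmacs_len  = len; }
        off += (len + 3) & ~(size_t)3;                             /* skip padding */
    }
    return ap->have_random && ap->have_hmacs;
}

/* Corrected computation: CHUNKS contributes only when the peer actually sent it. */
size_t auth_keylen_fixed(const uint8_t *p, size_t total)
{
    struct auth_params ap;
    if (!scan_auth_params(p, total, &ap)) return 0;
    return ap.random_len + (ap.have_chunks ? ap.chunks_len : 0) + ap.hmacs_len;
}

/* The reported bug: the CHUNKS header is added unconditionally while
 * num_chunks is 0 when CHUNKS is absent, so the key is 4 bytes too long. */
size_t auth_keylen_buggy(const uint8_t *p, size_t total)
{
    struct auth_params ap;
    if (!scan_auth_params(p, total, &ap)) return 0;
    size_t num_chunks = ap.have_chunks ? ap.chunks_len - PARAM_HDR_LEN : 0;
    return ap.random_len + PARAM_HDR_LEN + num_chunks + ap.hmacs_len;
}

/* Constructed sample parameter lists (not captured traffic): an 8-byte RANDOM and an
 * HMAC-ALGO listing SHA-1 (1) and SHA-256 (3), without and with a CHUNKS parameter
 * asking that ASCONF (chunk type 0xC1) be authenticated. */
const uint8_t init_no_chunks[]   = { 0x80,0x02, 0x00,0x0c, 1,2,3,4,5,6,7,8,
                                     0x80,0x04, 0x00,0x08, 0x00,0x01, 0x00,0x03 };
const uint8_t init_with_chunks[] = { 0x80,0x02, 0x00,0x0c, 1,2,3,4,5,6,7,8,
                                     0x80,0x03, 0x00,0x05, 0xc1, 0,0,0,   /* 3 pad bytes */
                                     0x80,0x04, 0x00,0x08, 0x00,0x01, 0x00,0x03 };
```

With the CHUNKS parameter absent the two computations differ by exactly the 4-byte header, which is why the peer's HMAC never matches and its AUTH-protected chunks are dropped.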