SCTP, possible bug in peer authentication key

Michael Tüxen Michael.Tuexen at lurchi.franken.de
Thu Jan 29 10:34:19 PST 2009


Hi Peter,

good catch!

Best regards
Michael

On Jan 29, 2009, at 6:29 PM, Peter Lei wrote:

> There's a corresponding change that is needed for pulling the auth info
> out of the cookie for the other direction (i.e. server side handling). I've
> committed that into the SCTP project repo, and should also get in with
> Randall's next commit.
>
> --peter
>
> On Jan 29, 2009, at 2:23 AM, Michael Tüxen wrote:
>
>> Hi Yann,
>>
>> very good catch! You are right.
>>
>> I have committed your patch to Randall's repository, so it will
>> show up in the FreeBSD sources soon (next time he syncs them)...
>>
>> Best regards
>> Michael
>>
>> On Jan 28, 2009, at 8:51 PM, Yann WANWANSCAPPEL wrote:
>>
>>> Hi all,
>>>
>>> I think I found a bug in the SCTP authentication code, in
>>> sctp_load_addresses_from_init() in sctp_pcb.c
>>>
>>> keylen = sizeof(*p_random) + random_len + sizeof(*chunks) + num_chunks +
>>> sizeof(*hmacs) + hmacs_len;
>>>
>>> The keylen calculation assumes the Chunk List Parameter (CHUNKS)
>>> vl-param was present in the received INIT packet, which can be false if
>>> peer SCTP does not require any chunk to be authenticated (this typically
>>> occurs if peer does not support ASCONF).
>>>
>>> From RFC 4895, 6.1
>>>
>>> * An SCTP endpoint has a list of chunks it only accepts if they are
>>> * received in an authenticated way.  This list is included in the INIT
>>> * and INIT-ACK, and MAY be omitted if it is empty.  Since this list
>>> * does not change during the lifetime of the SCTP endpoint there is no
>>> * problem in case of INIT collision.
>>>
>>> This case is properly handled later in the build of the key
>>>
>>> 	/* append in the AUTH chunks */
>>> 	if (chunks != NULL) {
>>> 	.....
>>> 	}
>>>
>>> I think the calculated keylen should be something like this:
>>>
>>> keylen = sizeof(*p_random) + random_len + sizeof(*hmacs) + hmacs_len;
>>>
>>> if (chunks != NULL) {
>>>     keylen += sizeof(*chunks) + num_chunks;
>>> }
>>>
>>> This problem results in authenticated packets sent from peer SCTP to be
>>> discarded.
>>>
>>> The problem does not occur if peer SCTP is modified to send an empty
>>> Chunk List Parameter (e.g. num_chunks = 0 in the decoding).
>>>
>>> Br,
>>> Yann
>>>
>>> _______________________________________________
>>> freebsd-net at freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>>> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org 
>>> "
>>>
>
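The following is an added illustration of the length mismatch Yann describes; it is not code from this thread or from the FreeBSD SCTP stack. It models the three RFC 4895 parameters (RANDOM 0x8002, CHUNKS 0x8003, HMAC-ALGO 0x8004) as simple TLVs, ignores 4-byte TLV padding, uses constructed sample values, and the function names (`keylen_buggy`, `keylen_fixed`, `build_key`, `key_sizes_consistent`) are this example's own. It shows that the original formula allocates a key longer than the bytes actually appended whenever the peer omits CHUNKS, while the corrected formula matches in every case, including the empty Chunk List case mentioned at the end of the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TLV parameter header as carried in INIT/INIT-ACK: 16-bit type, 16-bit length. */
struct sctp_paramhdr {
    uint16_t param_type;
    uint16_t param_length;
};

/* Constructed sample of what a peer could advertise in its INIT (illustrative
 * values, not captured traffic). TLV padding to 4 bytes is ignored here. */
static const uint8_t  sample_random[32]  = { 0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x04 };
static const uint8_t  sample_chunks[2]   = { 0xc1, 0x80 };  /* ASCONF, ASCONF-ACK chunk types */
static const uint16_t sample_hmac_ids[2] = { 1, 3 };        /* HMAC-SHA-1, HMAC-SHA-256 */

/* Key length as the original code computed it: the CHUNKS parameter is
 * counted unconditionally, whether or not the peer actually sent one. */
size_t keylen_buggy(size_t random_len, size_t num_chunks, size_t hmacs_len)
{
    return sizeof(struct sctp_paramhdr) + random_len
         + sizeof(struct sctp_paramhdr) + num_chunks
         + sizeof(struct sctp_paramhdr) + hmacs_len;
}

/* Key length following the proposed fix: CHUNKS is optional (RFC 4895, 6.1),
 * so its header and body are added only when the parameter was present. */
size_t keylen_fixed(size_t random_len, int have_chunks, size_t num_chunks, size_t hmacs_len)
{
    size_t keylen = sizeof(struct sctp_paramhdr) + random_len
                  + sizeof(struct sctp_paramhdr) + hmacs_len;
    if (have_chunks)
        keylen += sizeof(struct sctp_paramhdr) + num_chunks;
    return keylen;
}

/* Append one TLV (header + body) to the key buffer; returns bytes written,
 * or 0 if the buffer cannot hold it. */
static size_t append_param(uint8_t *out, size_t cap, uint16_t type,
                           const void *body, size_t body_len)
{
    struct sctp_paramhdr hdr;
    size_t total = sizeof(hdr) + body_len;
    if (total > cap)
        return 0;
    hdr.param_type = type;
    hdr.param_length = (uint16_t)total;
    memcpy(out, &hdr, sizeof(hdr));
    memcpy(out + sizeof(hdr), body, body_len);
    return total;
}

/* Build the shared key material the way the "append" path does it:
 * RANDOM, then CHUNKS only if present (chunks != NULL), then HMAC-ALGO.
 * Returns the number of bytes actually written, 0 on buffer overflow. */
size_t build_key(uint8_t *out, size_t cap,
                 const uint8_t *rnd, size_t random_len,
                 const uint8_t *chunks, size_t num_chunks,
                 const uint16_t *hmacs, size_t hmacs_len)
{
    size_t off = 0, n;
    if ((n = append_param(out + off, cap - off, 0x8002, rnd, random_len)) == 0) return 0;
    off += n;
    if (chunks != NULL) {   /* same guard the real append path uses */
        if ((n = append_param(out + off, cap - off, 0x8003, chunks, num_chunks)) == 0) return 0;
        off += n;
    }
    if ((n = append_param(out + off, cap - off, 0x8004, hmacs, hmacs_len)) == 0) return 0;
    off += n;
    return off;
}

/* Returns 1 if the allocated key length (buggy or fixed formula) equals the
 * bytes actually appended, 0 on mismatch. A mismatch means the local key has
 * trailing bytes the peer never used, so the peer's AUTH HMACs will not verify
 * and its authenticated packets are discarded. */
int key_sizes_consistent(int have_chunks, int use_fixed)
{
    uint8_t buf[128];
    size_t num_chunks = have_chunks ? sizeof(sample_chunks) : 0;
    size_t alloc = use_fixed
        ? keylen_fixed(sizeof(sample_random), have_chunks, num_chunks, sizeof(sample_hmac_ids))
        : keylen_buggy(sizeof(sample_random), num_chunks, sizeof(sample_hmac_ids));
    size_t written = build_key(buf, sizeof(buf),
                               sample_random, sizeof(sample_random),
                               have_chunks ? sample_chunks : NULL, num_chunks,
                               sample_hmac_ids, sizeof(sample_hmac_ids));
    return written != 0 && written == alloc;
}

int main(void)
{
    printf("CHUNKS absent,  original formula: %s\n", key_sizes_consistent(0, 0) ? "ok" : "MISMATCH");
    printf("CHUNKS absent,  fixed formula:    %s\n", key_sizes_consistent(0, 1) ? "ok" : "MISMATCH");
    printf("CHUNKS present, original formula: %s\n", key_sizes_consistent(1, 0) ? "ok" : "MISMATCH");
    printf("CHUNKS present, fixed formula:    %s\n", key_sizes_consistent(1, 1) ? "ok" : "MISMATCH");
    return 0;
}
```

Only the "CHUNKS absent, original formula" line reports a mismatch: the original formula counts a 4-byte CHUNKS header that is never appended, so the key ends up 4 bytes longer than the peer's. Sending an empty Chunk List (header present, zero chunk types) makes both formulas agree, which is why that workaround hides the bug.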