• Xin Long's avatar
    sctp: process duplicated strreset out and addstrm out requests correctly · e4dc99c7
    Xin Long authored
    Now sctp stream reconf will process a request again even if it's seqno is
    less than asoc->strreset_inseq.
    
    If one request has been done successfully and some data chunks have been
    accepted and then a duplicated strreset out request comes, the streamin's
    ssn will be cleared. It will cause that stream will never receive chunks
    any more because of unsynchronized ssn. It allows a replay attack.
    
    A similar issue also exists when processing addstrm out requests. It will
    cause more extra streams being added.
    
    This patch is to fix it by saving the last 2 results into asoc. When a
    duplicated strreset out or addstrm out request is received, reply it with
    bad seqno if it's seqno < asoc->strreset_inseq - 2, and reply it with the
    result saved in asoc if it's seqno >= asoc->strreset_inseq - 2.
    
    Note that it saves last 2 results instead of only last 1 result, because
    two requests can be sent together in one chunk.
    
    And note that when receiving a duplicated request, the receiver side will
    still reply it even if the peer has received the response. It's safe, As
    the response will be dropped by the peer.
    Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    e4dc99c7
structs.h 62.3 KB