From: Xin Long <lucien....@gmail.com> Date: Sat, 5 May 2018 14:59:47 +0800
> Now sctp only delays the authentication for the normal cookie-echo > chunk by setting chunk->auth_chunk in sctp_endpoint_bh_rcv(). But > for the duplicated one with auth, in sctp_assoc_bh_rcv(), it does > authentication first based on the old asoc, which will definitely > fail due to the different auth info in the old asoc. > > The duplicated cookie-echo chunk will create a new asoc with the > auth info from this chunk, and the authentication should also be > done with the new asoc's auth info for all of the collision 'A', > 'B' and 'D'. Otherwise, the duplicated cookie-echo chunk with auth > will never pass the authentication and create the new connection. > > This issue exists since very beginning, and this fix is to make > sctp_assoc_bh_rcv() follow the way sctp_endpoint_bh_rcv() does > for the normal cookie-echo chunk to delay the authentication. > > While at it, remove the unused params from sctp_sf_authenticate() > and define sctp_auth_chunk_verify() used for all the places that > do the delayed authentication. > > v1->v2: > fix the typo in changelog as Marcelo noticed. > > Acked-by: Marcelo Ricardo Leitner <marcelo.leit...@gmail.com> > Signed-off-by: Xin Long <lucien....@gmail.com> Applied, thanks.
