* [PATCH net] tipc: only accept encrypted MSG_CRYPTO msgs
@ 2021-11-15 12:45 Xin Long
2021-11-15 14:30 ` patchwork-bot+netdevbpf
0 siblings, 1 reply; 2+ messages in thread
From: Xin Long @ 2021-11-15 12:45 UTC (permalink / raw)
To: network dev, tipc-discussion; +Cc: Jon Maloy, Ying Xue, Tuong Lien, davem, kuba
The MSG_CRYPTO msgs are always encrypted and sent to other nodes
for keys' deployment. But when receiving in peers, if those nodes
do not validate it and make sure it's encrypted, one could craft
a malicious MSG_CRYPTO msg to deploy its key with no need to know
other nodes' keys.
This patch is to do that by checking TIPC_SKB_CB(skb)->decrypted
and discard it if this packet never got decrypted.
Note that this is also a supplementary fix to CVE-2021-43267 that
can be triggered by an unencrypted malicious MSG_CRYPTO msg.
Fixes: 1ef6f7c9390f ("tipc: add automatic session key exchange")
Acked-by: Ying Xue <ying.xue@windriver.com>
Acked-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
---
net/tipc/link.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/net/tipc/link.c b/net/tipc/link.c
index 1b7a487c8841..09ae8448f394 100644
--- a/net/tipc/link.c
+++ b/net/tipc/link.c
@@ -1298,8 +1298,11 @@ static bool tipc_data_input(struct tipc_link *l, struct sk_buff *skb,
return false;
#ifdef CONFIG_TIPC_CRYPTO
case MSG_CRYPTO:
- tipc_crypto_msg_rcv(l->net, skb);
- return true;
+ if (TIPC_SKB_CB(skb)->decrypted) {
+ tipc_crypto_msg_rcv(l->net, skb);
+ return true;
+ }
+ fallthrough;
#endif
default:
pr_warn("Dropping received illegal msg type\n");
--
2.27.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH net] tipc: only accept encrypted MSG_CRYPTO msgs
2021-11-15 12:45 [PATCH net] tipc: only accept encrypted MSG_CRYPTO msgs Xin Long
@ 2021-11-15 14:30 ` patchwork-bot+netdevbpf
0 siblings, 0 replies; 2+ messages in thread
From: patchwork-bot+netdevbpf @ 2021-11-15 14:30 UTC (permalink / raw)
To: Xin Long
Cc: netdev, tipc-discussion, jmaloy, ying.xue, tuong.t.lien, davem, kuba
Hello:
This patch was applied to netdev/net.git (master)
by David S. Miller <davem@davemloft.net>:
On Mon, 15 Nov 2021 07:45:24 -0500 you wrote:
> The MSG_CRYPTO msgs are always encrypted and sent to other nodes
> for keys' deployment. But when receiving in peers, if those nodes
> do not validate it and make sure it's encrypted, one could craft
> a malicious MSG_CRYPTO msg to deploy its key with no need to know
> other nodes' keys.
>
> This patch is to do that by checking TIPC_SKB_CB(skb)->decrypted
> and discard it if this packet never got decrypted.
>
> [...]
Here is the summary with links:
- [net] tipc: only accept encrypted MSG_CRYPTO msgs
https://git.kernel.org/netdev/net/c/271351d255b0
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-11-15 14:31 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-11-15 12:45 [PATCH net] tipc: only accept encrypted MSG_CRYPTO msgs Xin Long
2021-11-15 14:30 ` patchwork-bot+netdevbpf
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.