Thread: 4 messages, 4 authors, 2024-08-27

Re: [PATCH net] sctp: fix association labeling in the duplicate COOKIE-ECHO case

From: patchwork-bot+netdevbpf@kernel.org
Date: 2024-08-27 23:20:31
Also in: linux-sctp, linux-security-module, lkml, selinux

Hello:

This patch was applied to netdev/net.git (main)
by Jakub Kicinski [off-list ref]:

On Mon, 26 Aug 2024 15:07:11 +0200 you wrote:
sctp_sf_do_5_2_4_dupcook() currently calls security_sctp_assoc_request()
on new_asoc, but as it turns out, this association is always discarded
and the LSM labels never get into the final association (asoc).

This can be reproduced by having two SCTP endpoints try to initiate an
association with each other at approximately the same time and then peel
off the association into a new socket, which exposes the uninitialized
labels and triggers SELinux denials.

[...]
Here is the summary with links:
  - [net] sctp: fix association labeling in the duplicate COOKIE-ECHO case
    https://git.kernel.org/netdev/net/c/3a0504d54b3b

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
