[PATCH net 0/2] sctp: validate INIT in COOKIE-ECHO when auth disabled
From: Xin Long <lucien.xin@gmail.com>
Date: 2026-06-16 00:34:21
Also in:
linux-sctp
This series fixes a security gap in SCTP's COOKIE-ECHO handling when cookie authentication is disabled. Currently, INIT chunks embedded in cookies are not re-verified after unpacking, creating a vulnerability when cookie_auth_enable=0. This series first refactors error handling, then adds the missing validation. Xin Long (2): sctp: factor out INIT verification failure handling sctp: add INIT verification after cookie unpacking net/sctp/sm_make_chunk.c | 2 +- net/sctp/sm_statefuns.c | 200 +++++++++++++++++++-------------------- 2 files changed, 99 insertions(+), 103 deletions(-) -- 2.47.1