[PATCH net v2 0/2] sctp: validate INIT in COOKIE-ECHO when auth disabled

[PATCH net v2 0/2] sctp: validate INIT in COOKIE-ECHO when auth disabled · Xin Long <lucien.xin@gmail.com> · 2026-06-20
[PATCH net v2 1/2] sctp: factor out INIT verification failure handling · Xin Long <lucien.xin@gmail.com> · 2026-06-20
[PATCH net v2 2/2] sctp: add INIT verification after cookie unpacking · Xin Long <lucien.xin@gmail.com> · 2026-06-20
Re: [PATCH net v2 2/2] sctp: add INIT verification after cookie unpacking · Simon Horman <horms@kernel.org> · 2026-06-22
Re: [PATCH net v2 2/2] sctp: add INIT verification after cookie unpacking · Xin Long <lucien.xin@gmail.com> · 2026-06-23
Re: [PATCH net v2 0/2] sctp: validate INIT in COOKIE-ECHO when auth disabled · Xin Long <lucien.xin@gmail.com> · 2026-06-24

WARM1d

Revisions (2)

2026-06-16 v1 [diff vs current]
2026-06-20 v2 current

From: Xin Long <lucien.xin@gmail.com>
Date: 2026-06-20 15:10:56
Also in: linux-sctp

This series fixes a security gap in SCTP's COOKIE-ECHO handling when
cookie authentication is disabled.

Currently, INIT chunks embedded in cookies are not re-verified after
unpacking, creating a vulnerability when cookie_auth_enable=0. This
series first refactors error handling, then adds the missing validation.

Changes in v2: see individual patch changelogs for details.

Xin Long (2):
  sctp: factor out INIT verification failure handling
  sctp: add INIT verification after cookie unpacking

 net/sctp/sm_make_chunk.c |   3 +-
 net/sctp/sm_statefuns.c  | 220 ++++++++++++++++++++-------------------
 2 files changed, 117 insertions(+), 106 deletions(-)

-- 
2.47.1

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help