author | Gordon Tetlow <gordon@FreeBSD.org> | 2020-05-12 16:55:32 +0000 |
---|---|---|
committer | Gordon Tetlow <gordon@FreeBSD.org> | 2020-05-12 16:55:32 +0000 |
commit | 033a6fb64cbac1547abdece1e9e1c645c51fa494 (patch) | |
tree | 512d2c562f4b92e620714ff6955df1c54bba3ad6 | |
parent | f2d4b4a5c3914e241c6683d6e31ef1117d292985 (diff) | |
Fix improper checking in SCTP-AUTH shared key update.
Approved by: so
Security: FreeBSD-SA-20:14.sctp
Security: CVE-2019-15878
Notes
Notes:
svn path=/releng/11.3/; revision=360975
-rw-r--r-- | sys/netinet/sctp_auth.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/netinet/sctp_auth.c b/sys/netinet/sctp_auth.c
index 086e32f2afea..0fd19c36bf4a 100644
--- a/sys/netinet/sctp_auth.c
+++ b/sys/netinet/sctp_auth.c
@@ -521,7 +521,7 @@ sctp_insert_sharedkey(struct sctp_keyhead *shared_keys,
 } else if (new_skey->keyid == skey->keyid) {
 /* replace the existing key */
 /* verify this key *can* be replaced */
- if ((skey->deactivated) && (skey->refcount > 1)) {
+ if ((skey->deactivated) || (skey->refcount > 1)) {
 SCTPDBG(SCTP_DEBUG_AUTH1,
 "can't replace shared key id %u\n",
 new_skey->keyid); |
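Review bot: The comment `/* verify this key *can* be replaced */` above the changed condition still does not say what makes a key replaceable, which is the kind of gap that lets a wrong `&&` go unnoticed in review. I would state the rule next to the test, e.g. `/* refuse if the key is deactivated or is still referenced elsewhere (refcount > 1) */`, so the intent of the `||` is explicit. The refusal is reported only through `SCTPDBG`, so it is presumably silent on kernels built without SCTP debugging; what the function returns to its caller on this path lies outside the hunk and is worth confirming. sctp_insert_sharedkey begins and ends outside the visible lines.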