authorGordon Tetlow <gordon@FreeBSD.org>2020-05-12 16:55:32 +0000
committerGordon Tetlow <gordon@FreeBSD.org>2020-05-12 16:55:32 +0000
commit033a6fb64cbac1547abdece1e9e1c645c51fa494 (patch)
tree512d2c562f4b92e620714ff6955df1c54bba3ad6
parentf2d4b4a5c3914e241c6683d6e31ef1117d292985 (diff)
downloadsrc-033a6fb64cbac1547abdece1e9e1c645c51fa494.tar.gz
src-033a6fb64cbac1547abdece1e9e1c645c51fa494.zip
Fix improper checking in SCTP-AUTH shared key update.
Approved by: so
Security: FreeBSD-SA-20:14.sctp
Security: CVE-2019-15878
Notes
Notes: svn path=/releng/11.3/; revision=360975
-rw-r--r--sys/netinet/sctp_auth.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/netinet/sctp_auth.c b/sys/netinet/sctp_auth.c
index 086e32f2afea..0fd19c36bf4a 100644
--- a/sys/netinet/sctp_auth.c
+++ b/sys/netinet/sctp_auth.c
@@ -521,7 +521,7 @@ sctp_insert_sharedkey(struct sctp_keyhead *shared_keys,
} else if (new_skey->keyid == skey->keyid) {
/* replace the existing key */
/* verify this key *can* be replaced */
- if ((skey->deactivated) && (skey->refcount > 1)) {
+ if ((skey->deactivated) || (skey->refcount > 1)) {
SCTPDBG(SCTP_DEBUG_AUTH1,
"can't replace shared key id %u\n",
new_skey->keyid);
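Review bot: The comment above the changed condition, `/* verify this key *can* be replaced */`, does not say what makes a key replaceable, and that unstated rule is exactly what the old `&&` got wrong. With `||`, replacement is refused when the existing key is deactivated or when `skey->refcount > 1`; I would spell that out, e.g. `/* refuse if the key is deactivated or still referenced elsewhere (refcount > 1) */`. Presumably the refcount test keeps other holders of the old key from seeing it released, but the replace path is outside this hunk, so that should be confirmed against the rest of sctp_insert_sharedkey. The function's body starts before and continues after the hunk.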