Only allow a SCTP-AUTH shared key to be updated by the application

if it is not deactivated and not used. This avoids a use-after-free problem. Reported by: da_cheng_shao@yeah.net MFC after: 3 days
svn path=/head/; revision=352438
2019-09-17 09:46:42 +00:00 · 2019-09-17 09:46:42 +00:00 · 3c19311544 · 2020-12-20 02:59:44 +00:00
commit 3c19311544
parent 7f65185940
1 changed files with 1 additions and 1 deletions
--- a/sys/netinet/sctp_auth.c
+++ b/sys/netinet/sctp_auth.c
@ -523,7 +523,7 @@ sctp_insert_sharedkey(struct sctp_keyhead *shared_keys,
 		} else if (new_skey->keyid == skey->keyid) {
 			/* replace the existing key */
 			/* verify this key *can* be replaced */
-			if ((skey->deactivated) && (skey->refcount > 1)) {
+			if ((skey->deactivated) || (skey->refcount > 1)) {
 				SCTPDBG(SCTP_DEBUG_AUTH1,
 				    "can't replace shared key id %u\n",
 				    new_skey->keyid);