oss-sec mailing list archives

CVE request -- Linux kernel: net: sctp: ipv6 ipsec encryption bug in sctp_v6_xmit


From: Petr Matousek <pmatouse () redhat com>
Date: Fri, 13 Sep 2013 15:38:19 +0200

Alan Chester reported an issue with IPv6 on SCTP that IPsec traffic is
not being encrypted, whereas on IPv4 it is. Setting up an AH + ESP transport
does not seem to have the desired effect:

SCTP + IPv4:

 22:14:20.809645 IP (tos 0x2,ECT(0), ttl 64, id 0, offset 0, flags [DF], proto AH (51), length 116)
     192.168.0.2 > 192.168.0.5: AH(spi=0x00000042,sumlen=16,seq=0x1):ESP(spi=0x00000044,seq=0x1), length 72
 22:14:20.813270 IP (tos 0x2,ECT(0), ttl 64, id 0, offset 0, flags [DF],proto AH (51), length 340)
     192.168.0.5 > 192.168.0.2: AH(spi=0x00000043,sumlen=16,seq=0x1):

SCTP + IPv6:

 22:31:19.215029 IP6 (class 0x02, hlim 64, next-header SCTP (132)payload length: 364)
     fe80::222:15ff:fe87:7fc.3333 > fe80::92e6:baff:fe0d:5a54.36767:sctp
     1) [INIT ACK] [init tag: 747759530] [rwnd: 62464] [OS: 10] [MIS:10]

References:
https://bugzilla.kernel.org/show_bug.cgi?id=24412
https://bugzilla.redhat.com/show_bug.cgi?id=1007872

Upstream fix:
http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=95ee62083cb6453e056562d91f597552021e6ae7

Thanks,
-- 
Petr Matousek / Red Hat Security Response Team
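
Added example (not part of the original message or of the kernel fix): a small Python check that reads `tcpdump -v` text output and lists packets whose outermost protocol is SCTP (132) rather than AH/ESP, which is the symptom visible in the IPv6 capture above. It handles both the IPv4 `proto` and the IPv6 `next-header` header forms; the function name `cleartext_sctp` and the sample text are constructed for illustration.

```python
import re

# Constructed sample, adapted from the two captures quoted in the message
# (header line plus the address line that follows it).
SAMPLE = """\
22:14:20.809645 IP (tos 0x2,ECT(0), ttl 64, id 0, offset 0, flags [DF], proto AH (51), length 116)
    192.168.0.2 > 192.168.0.5: AH(spi=0x00000042,sumlen=16,seq=0x1):ESP(spi=0x00000044,seq=0x1), length 72
22:31:19.215029 IP6 (class 0x02, hlim 64, next-header SCTP (132)payload length: 364)
    fe80::222:15ff:fe87:7fc.3333 > fe80::92e6:baff:fe0d:5a54.36767:sctp
"""

HEADER = re.compile(r"^\s*(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<fam>IP6?) \(")
# IPv4 headers print "proto NAME (n)", IPv6 headers "next-header NAME (n)".
OUTER = re.compile(r"(?:proto|next-header) [\w-]+ \((?P<num>\d+)\)")
# Greedy dst so the match ends at the last ':' of the address token,
# which keeps the colons inside an IPv6 address intact.
ADDRS = re.compile(r"^\s*(?P<src>\S+) > (?P<dst>\S+):")
SCTP = 132  # IANA protocol number; AH is 51 and ESP is 50


def cleartext_sctp(capture_text):
    """Return (timestamp, family, src, dst) for packets whose outermost
    protocol is SCTP, i.e. not wrapped in AH or ESP."""
    findings = []
    lines = capture_text.splitlines()
    for i, line in enumerate(lines):
        hdr = HEADER.match(line)
        outer = OUTER.search(line) if hdr else None
        if not outer or int(outer["num"]) != SCTP:
            continue
        # Addresses (with ports, as printed) are on the following line.
        addrs = ADDRS.match(lines[i + 1]) if i + 1 < len(lines) else None
        src, dst = (addrs["src"], addrs["dst"]) if addrs else (None, None)
        findings.append((hdr["ts"], hdr["fam"], src, dst))
    return findings


if __name__ == "__main__":
    for ts, fam, src, dst in cleartext_sctp(SAMPLE):
        print(f"{ts} {fam} cleartext SCTP {src} -> {dst}")
```

Cleartext SCTP is only a finding between peers that an IPsec transport policy is supposed to cover, so filter the capture to those hosts before running the check.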

