From 033a6fb64cbac1547abdece1e9e1c645c51fa494 Mon Sep 17 00:00:00 2001
From: Gordon Tetlow
Date: Tue, 12 May 2020 16:55:32 +0000
Subject: Fix improper checking in SCTP-AUTH shared key update.

Approved by: so
Security: FreeBSD-SA-20:14.sctp
Security: CVE-2019-15878
---
 sys/netinet/sctp_auth.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/netinet/sctp_auth.c b/sys/netinet/sctp_auth.c
index 086e32f2afea..0fd19c36bf4a 100644
--- a/sys/netinet/sctp_auth.c
+++ b/sys/netinet/sctp_auth.c
@@ -521,7 +521,7 @@ sctp_insert_sharedkey(struct sctp_keyhead *shared_keys,
 } else if (new_skey->keyid == skey->keyid) {
 /* replace the existing key */
 /* verify this key *can* be replaced */
- if ((skey->deactivated) && (skey->refcount > 1)) {
+ if ((skey->deactivated) || (skey->refcount > 1)) {
 SCTPDBG(SCTP_DEBUG_AUTH1,
 "can't replace shared key id %u\n",
 new_skey->keyid);
--
cgit v1.2.3
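Review bot: The comment above the changed test, `/* verify this key *can* be replaced */`, does not say what the rule is, and the old `&&` shows how easily the condition is misread: with `||` a key is replaceable only when it is not deactivated and `refcount` is at most 1. I would spell that out in place, e.g. `/* replace only an active key that nobody else references; refcount > 1 means it is still in use */`, and state there (if it holds) that the key list itself accounts for the one remaining reference. The refusal is reported only through `SCTPDBG`, so it is worth confirming that the error return, which lies outside this hunk in the rest of sctp_insert_sharedkey, is checked by every caller rather than the new key being assumed installed.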