| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 Oct 2021 15:33:21 +0800
From: Zhang Changzhong <zhangchangzhong@...wei.com>
To: Oleksij Rempel <o.rempel@...gutronix.de>
CC: Robin van der Gracht <robin@...tonic.nl>,
<linux-kernel@...r.kernel.org>,
Oleksij Rempel <linux@...pel-privat.de>,
<netdev@...r.kernel.org>, "Marc Kleine-Budde" <mkl@...gutronix.de>,
<kernel@...gutronix.de>, Oliver Hartkopp <socketcan@...tkopp.net>,
Jakub Kicinski <kuba@...nel.org>, <linux-can@...r.kernel.org>,
"David S. Miller" <davem@...emloft.net>
Subject: Re: [PATCH net 2/3] can: j1939: j1939_can_recv(): ignore messages
with invalid source address
On 2021/10/28 14:51, Oleksij Rempel wrote:
> Hi,
>
> On Mon, Oct 25, 2021 at 03:30:57PM +0800, Zhang Changzhong wrote:
>> On 2021/10/22 18:23, Oleksij Rempel wrote:
>>> On Thu, Oct 21, 2021 at 10:04:16PM +0800, Zhang Changzhong wrote:
>>>> According to SAE-J1939-82 2015 (A.3.6 Row 2), a receiver should never
>>>> send TP.CM_CTS to the global address, so we can add a check in
>>>> j1939_can_recv() to drop messages with invalid source address.
>>>>
>>>> Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol")
>>>> Signed-off-by: Zhang Changzhong <zhangchangzhong@...wei.com>
>>>
>>> NACK. This will break Address Claiming, where first message is SA == 0xff
>>
>> I know that 0xfe can be used as a source address, but which message has a source
>> address of 0xff?
>>
>> According to SAE-J1939-81 2017 4.2.2.8:
>>
>> The network address 255, also known as the Global address, is permitted in the
>> Destination Address field of the SAE J1939 message identifier but never in the
>> Source Address field.
>
> You are right. Thx!
>
> Are you using any testing frameworks?
> Can you please take a look here:
> https://github.com/linux-can/can-tests/tree/master/j1939
>
> We are using this scripts for regression testing of some know bugs.
Great! I'll run these scripts before posting patches.
>
>>
>>>
>>>> ---
>>>> net/can/j1939/main.c | 4 ++++
>>>> 1 file changed, 4 insertions(+)
>>>>
>>>> diff --git a/net/can/j1939/main.c b/net/can/j1939/main.c
>>>> index 08c8606..4f1e4bb 100644
>>>> --- a/net/can/j1939/main.c
>>>> +++ b/net/can/j1939/main.c
>>>> @@ -75,6 +75,10 @@ static void j1939_can_recv(struct sk_buff *iskb, void *data)
>>>> skcb->addr.pgn = (cf->can_id >> 8) & J1939_PGN_MAX;
>>>> /* set default message type */
>>>> skcb->addr.type = J1939_TP;
>>>> + if (!j1939_address_is_valid(skcb->addr.sa))
>>>> + /* ignore messages whose sa is broadcast address */
>>>> + goto done;
>
> Please add some warning once message here. We wont to know if something bad
> is happening on the bus.
Will do. Thanks for your suggestions.
Regards,
Changzhong
>
>>>> +
>>>> if (j1939_pgn_is_pdu1(skcb->addr.pgn)) {
>>>> /* Type 1: with destination address */
>>>> skcb->addr.da = skcb->addr.pgn;
>>>> --
>>>> 2.9.5
>>>>
>>>>
>>>>
>>>
>>
>>
>
> Regards,
> Oleksij
>
Powered by blists - more mailing lists