Date:	Mon, 03 Nov 2008 18:34:36 +0200
From:	Constantine Gavrilov <>
Subject: Re: patch: support long (above 14 bytes) HW addresses in arp_ioctl

Updated version of the patch uses MAX_ADDR_LEN from netdevice.h as the 
maximal length of MAC address.

Constantine Gavrilov wrote:
> While working with OFED infiniband stack that uses 20 byte long HW 
> addresses for IP over IB, I have paid attention to the following
> arp_ioctl problem.
> The ioctl uses a data structure that limits a length of HW address to 
> 14 bytes. The IP stack and the arp cache code do not have that 
> limitation. This leads to the following problems:
> * arp_ioctl cannot be used to set, get, or delete arp entries for 
> those adapters that have HW addresses longer than 14 bytes
> * arp_ioctl will corrupt the kernel and user memory when this ioctl is 
> used on the adapters that have HW addresses longer than 14 bytes. 
> This is because when copying the HW address, the arp_ioctl code copies 
> dev->addr_len bytes without checking that addr_len is not above 14 
> bytes. This is done both for copy_to_user() and memcpy() calls on 
> kernel data structures allocated on stack. The memcpy() call, in 
> particular, will corrupt kernel stack.
> Attached please find the patch that fixes both problems. In addition, 
> the patch changes the maximal number of bytes for HW address that will 
> be seen in /proc/net/arp from ~10 to ~30. Without the last change, 
> output of /proc/net/arp truncates the large MAC entries, which 
> makes the arp utility useless.
> The patch does not change the existing ABI but extends it. The kernel 
> structure used in arp_ioctl calls is changed to support larger 
> addresses, while the user-space structure is extended by appending 
> extra-space to the end of the structure if ATF_NEWARPCTL -- a new 
> flag -- is set in arp_flags of existing user-space structure. This 
> allows avoiding big changes to the existing code while preserving the 
> ABI compatibility.

Constantine Gavrilov
Kernel Developer
Platform Group
XIV, an IBM global brand 
1 Azrieli Center, Tel-Aviv
Phone: +972-3-6074672
Fax:   +972-3-6959749

View attachment "arp_ioctl.patch" of type "text/x-patch" (5247 bytes)
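
A user-space model of the missing length check described in the quoted message, added here as an illustration; it is not the attached arp_ioctl.patch and not kernel code. The struct and function names, the sample address, and the value 32 for MODEL_MAX_ADDR_LEN are assumptions of this example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define LEGACY_HA_LEN 14       /* sa_data[] size in struct sockaddr */
#define MODEL_MAX_ADDR_LEN 32  /* assumed stand-in for MAX_ADDR_LEN */
/* Hypothetical legacy request: a 14-byte address field followed by a
 * canary that models whatever sits next to it on the stack. */
struct legacy_req { unsigned char ha[LEGACY_HA_LEN]; unsigned char canary[8]; };

/* Constructed 20-byte sample address, the IPoIB length cited in the message. */
const unsigned char SAMPLE_IB_HA[20] = {
    0x80, 0x00, 0x00, 0x48, 0xfe, 0x80, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x02, 0xc9, 0x03, 0x00, 0x01, 0x02, 0x03 };

/* Pattern the message describes: the device-supplied length is trusted, so
 * any addr_len above 14 writes past ha[]. Shown for contrast, never called. */
void copy_ha_unchecked(struct legacy_req *r, const unsigned char *ha, size_t addr_len)
{
    memcpy(r->ha, ha, addr_len);
}

/* Bounded form: reject an address the destination field cannot hold. */
int copy_ha_bounded(unsigned char *dst, size_t cap, const unsigned char *ha, size_t addr_len)
{
    if (addr_len > cap)
        return -EINVAL;
    memset(dst, 0, cap);          /* no stale bytes after a short address */
    memcpy(dst, ha, addr_len);
    return 0;
}

int canary_intact(const struct legacy_req *r)
{
    for (size_t i = 0; i < sizeof(r->canary); i++)
        if (r->canary[i] != 0xAA) return 0;
    return 1;
}

int main(void)
{
    struct legacy_req lr;
    unsigned char ext[MODEL_MAX_ADDR_LEN];
    memset(&lr, 0xAA, sizeof(lr));
    int legacy = copy_ha_bounded(lr.ha, sizeof(lr.ha), SAMPLE_IB_HA, 20);
    int extended = copy_ha_bounded(ext, sizeof(ext), SAMPLE_IB_HA, 20);
    printf("legacy=%d extended=%d canary_intact=%d\n", legacy, extended, canary_intact(&lr));
    return 0;
}
```

The 20-byte address is refused for the 14-byte field and accepted for the larger buffer, which is the split between the legacy and extended structures that the message describes.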
