| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 03 Nov 2008 18:34:36 +0200 From: Constantine Gavrilov <constantine.gavrilov@...il.com> To: linux-kernel@...r.kernel.org CC: general@...ts.openfabrics.org Subject: Re: patch: support long (above 14 bytes) HW addresses in arp_ioctl Updated version of the patch uses MAX_ADDR_LEN from netdevice.h as the maximal length of MAC address. Constantine Gavrilov wrote: > While working with OFED infiniband stack that uses 20 byte long HW > addresses for IP over IB, I have paid attention to the following > arp_ioctl problem. > > The ioctl uses a data structure that limits a length of HW address to > 14 bytes. The IP stack and the arp cache code do not have that > limitation. This leads to the following problems: > > * arp_ioctl cannot be used to set, get, or delete arp entries for > those adapters that have HW addresses longer than 14 bytes > * arp_ioctl will corrupt the kernel and user memory when this ioctl is > used on the adapters that have HW addresses longer that 14 bytes. > This is because when copying the HW address, the arp_ioctl code copies > dev->addr_len bytes without checking that addr_len is not above 14 > bytes. This is done both for copy_to_user() and memcpy() calls on > kernel data structures allocated on stack. The memcpy() call in > particular, will corrupt kernel stack. > > Attached please find the patch that fixes both problems. In addition, > the patch changes the maximal number of bytes for HW address that will > be seen in /proc/net/arp from ~10 to ~30. Without the last change, > output of /proc/net/arp truncates the the large MAC entries, which > makes the arp utility useless. > > The patch does not change the existing ABI but extends it. The kernel > structure used in arp_ioctl calls is changed to support larger > addresses, while the user-space structure is extended by appending > extra-space to the end of the structure if ATF_NEWARPCTL -- a new > flag -- is set in arp_flags of existing user-space structure. This > allows avoiding big changes to the existing code while preserving the > ABI compatibility. > -- ---------------------------------------- Constantine Gavrilov Kernel Developer Platform Group XIV, an IBM global brand 1 Azrieli Center, Tel-Aviv Phone: +972-3-6074672 Fax: +972-3-6959749 ---------------------------------------- View attachment "arp_ioctl.patch" of type "text/x-patch" (5247 bytes) Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (5355 bytes)
Powered by blists - more mailing lists