Date:	Mon, 03 Nov 2008 13:09:17 +0200
From:	Constantine Gavrilov <>
Subject: patch: support long (above 14 bytes) HW addresses in arp_ioctl

While working with the OFED InfiniBand stack, which uses 20-byte-long HW 
addresses for IP over IB, I have paid attention to the following 
arp_ioctl problem.

The ioctl uses a data structure that limits the length of the HW address to 14 
bytes. The IP stack and the arp cache code do not have that limitation. 
This leads to the following problems:

* arp_ioctl cannot be used to set, get, or delete arp entries for those 
adapters that have HW addresses longer than 14 bytes
* arp_ioctl will corrupt the kernel and user memory when this ioctl is 
used on the adapters that have HW addresses longer than 14 bytes. This 
is because when copying the HW address, the arp_ioctl code copies 
dev->addr_len bytes without checking that addr_len is not above 14 
bytes. This is done both for copy_to_user() and memcpy() calls on kernel 
data structures allocated on stack. The memcpy() call, in particular, 
will corrupt the kernel stack.

Attached please find the patch that fixes both problems. In addition, 
the patch changes the maximal number of bytes for HW address that will 
be seen in /proc/net/arp from ~10 to ~30. Without the last change, 
output of /proc/net/arp truncates the large MAC entries, which makes 
the arp utility useless.

The patch does not change the existing ABI but extends it. The kernel 
structure used in arp_ioctl calls is changed to support larger 
addresses, while the user-space structure is extended by appending 
extra space to the end of the structure if ATF_NEWARPCTL -- a new flag 
-- is set in arp_flags of the existing user-space structure. This allows 
avoiding big changes to the existing code while preserving the ABI.

Constantine Gavrilov
Kernel Developer
Platform Group
XIV, an IBM global brand 
1 Azrieli Center, Tel-Aviv
Phone: +972-3-6074672
Fax:   +972-3-6959749

View attachment "arp_ioctl.patch" of type "text/x-patch" (5245 bytes)
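
The length check and flag-gated extension described in the message above, as an added user-space sketch that is not part of the original post or the attached patch. The structure layout, `EXT_HA_LEN`, the value of `ATF_NEWARPCTL_DEMO`, the error codes and all `demo_*` names are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LEGACY_HA_LEN      14    /* 14-byte HW address field of the ioctl structure */
#define EXT_HA_LEN         32    /* hypothetical size of the appended area */
#define ATF_NEWARPCTL_DEMO 0x80  /* hypothetical value; the real one is in the patch */

/* Simplified stand-in for the user-space request, not the kernel's struct arpreq. */
struct demo_arpreq {
    unsigned char ha_data[LEGACY_HA_LEN]; /* legacy field */
    int           flags;
    unsigned char ext_ha[EXT_HA_LEN];     /* appended; used only with the new flag */
};

/* Copy addr_len bytes of HW address into r. Returns bytes copied or -errno. */
int demo_fill_hwaddr(struct demo_arpreq *r, const unsigned char *ha, size_t addr_len)
{
    if (addr_len <= LEGACY_HA_LEN) {          /* fits the old layout */
        memset(r->ha_data, 0, sizeof(r->ha_data));
        memcpy(r->ha_data, ha, addr_len);
        return (int)addr_len;
    }
    if (!(r->flags & ATF_NEWARPCTL_DEMO))     /* old caller: refuse, never overrun */
        return -ENOSPC;
    if (addr_len > EXT_HA_LEN)
        return -EINVAL;
    memset(r->ext_ha, 0, sizeof(r->ext_ha));
    memcpy(r->ext_ha, ha, addr_len);
    return (int)addr_len;
}

/* Run one case with constructed address bytes 0,1,2,... */
int demo_try(size_t addr_len, int flags)
{
    unsigned char ha[64];
    struct demo_arpreq r = { .flags = flags };
    for (size_t i = 0; i < sizeof(ha); i++)
        ha[i] = (unsigned char)i;
    return addr_len > sizeof(ha) ? -EINVAL : demo_fill_hwaddr(&r, ha, addr_len);
}

int main(void)
{
    printf("6-byte, old caller:  %d\n", demo_try(6, 0));
    printf("20-byte, old caller: %d\n", demo_try(20, 0));
    printf("20-byte, new flag:   %d\n", demo_try(20, ATF_NEWARPCTL_DEMO));
    return 0;
}
```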
