lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Thu, 13 Feb 2014 11:49:03 +0000
From:	David Laight <David.Laight@...LAB.COM>
To:	'Emil Goode' <emilgoode@...il.com>,
	Bjørn Mork <bjorn@...k.no>
CC:	Steve Glendinning <steve.glendinning@...well.net>,
	Oliver Neukum <oneukum@...e.de>,
	"David S. Miller" <davem@...emloft.net>,
	Freddy Xin <freddy@...x.com.tw>,
	Eric Dumazet <edumazet@...gle.com>,
	Ming Lei <ming.lei@...onical.com>,
	Paul Gortmaker <paul.gortmaker@...driver.com>,
	"Jeff Kirsher" <jeffrey.t.kirsher@...el.com>,
	Liu Junliang <liujunliang_ljl@....com>,
	Octavian Purdila <octavian.purdila@...el.com>,
	"linux-usb@...r.kernel.org" <linux-usb@...r.kernel.org>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH] usbnet: remove generic hard_header_len check

From: Emil Goode
> > >  int rndis_rx_fixup(struct usbnet *dev, struct sk_buff *skb)
> > >  {
> > > +	/* This check is no longer done by usbnet */
> > > +	if (skb->len < dev->net->hard_header_len)
> > > +		return 0;
> > > +
> >
> > Wouldn't it be better to test against ETH_HLEN, since that is a constant
> > and "obviously correct" in this case?
> 
> Some minidrivers change the default hard_header_len value so using it
> guarantees that the patch will not make any change to how the code is
> currently working. Using ETH_HLEN could be more informative about what
> the minidriver should check before passing skbs to usbnet_skb_return().
> Then I think the comment should be changed as well. My intention was to
> not make any changes that affect how the code works for devices I cannot
> test, but I think either way is fine and if you insist on changing it
> let me know.

I think that test is to ensure that the data passed to the mini-driver
contains the ethernet frame encapsulation header (this typically
contains the actual frame length and some flags) so that the minidriver
won't read off the end of the usb data.

Any check for stupidly short ethernet frames would be later on.
IIRC the absolute minimum 802.3 ethernet frame is 17 bytes
(after frame padding has been stripped).

	David

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ