lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1456090717-19913-7-git-send-email-ak77@tnode.com>
Date:	Sun, 21 Feb 2016 22:38:35 +0100
From:	Andrej Krpic <ak77@...de.com>
To:	linux-kernel@...r.kernel.org
Cc:	jslaby@...e.com, gregkh@...uxfoundation.org,
	Andrej Krpic <ak77@...de.com>
Subject: [PATCH 6/8] tty: n_gsm: add missing length field in control channel commands

Observing debug output while running initator and responder using n_gsm
shows all control channel commands sent by initiator are malformed
 - they don't include length field (3GPP TS 07.10 ver 7.2.0, 5.4.6.1).

Add length field to transmitted control channel commands in the
gsm_control_transmit) as it is done in gsm_control_reply and expected in
gsm_dlci_command.

Signed-off-by: Andrej Krpic <ak77@...de.com>
---
 drivers/tty/n_gsm.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
index 3c4c521..8aa90e0 100644
--- a/drivers/tty/n_gsm.c
+++ b/drivers/tty/n_gsm.c
@@ -1320,12 +1320,13 @@ static void gsm_control_response(struct gsm_mux *gsm, unsigned int command,
 
 static void gsm_control_transmit(struct gsm_mux *gsm, struct gsm_control *ctrl)
 {
-	struct gsm_msg *msg = gsm_data_alloc(gsm, 0, ctrl->len + 1, gsm->ftype);
+	struct gsm_msg *msg = gsm_data_alloc(gsm, 0, ctrl->len + 2, gsm->ftype);
 
 	if (msg == NULL)
 		return;
-	msg->data[0] = (ctrl->cmd << 1) | 2 | EA;	/* command */
-	memcpy(msg->data + 1, ctrl->data, ctrl->len);
+	msg->data[0] = (ctrl->cmd << 1) | 2 | EA;   /* command */
+	msg->data[1] = ((ctrl->len) << 1) | EA;
+	memcpy(msg->data + 2, ctrl->data, ctrl->len);
 	gsm_data_queue(gsm->dlci[0], msg);
 }
 
-- 
2.7.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ