lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1456181596-11736-4-git-send-email-ak77@tnode.com>
Date:	Mon, 22 Feb 2016 23:53:11 +0100
From:	Andrej Krpic <ak77@...de.com>
To:	xinhuix.pan@...el.com
Cc:	linux-kernel@...r.kernel.org, jslaby@...e.com,
	gregkh@...uxfoundation.org, Andrej Krpic <ak77@...de.com>
Subject: [PATCH 3/8] tty: n_gsm: make mux work as a responder station

Comment suggests that cr == 1 represents a received command and cr == 0
a received response. Received frames are then filtered:
 - correctly by rejection of SABM and DISC responses, they are
   command only frame types and
 - incorrectly by rejection of UA (a response only frame type) responses.

Mux as a initiator successfully establishes DLC by receiving UA response
frame to a previously sent open channel command (SABM). Incorrect
equation (eqA) makes UA "reject cr == 0 commands" case correct, but
filters out all received SABM and DISC command frames.

Change eqA to eqB to match the intent and fix filtering of UA frames.
This enables reception of SABM and DISC frames and consequently
makes mux  work as a responder station.

received    receiving as          eqA          eqB       3GPP TS 27.010
 CR bit     initiator (ir)    cr=CR^(1-ir)   cr=CR^ir        5.2.1.2
   0              0                 1            0         0 (response)
   1              0         _\      0            1         1 (command)
   0              1          /      0            1         1 (command)
   1              1                 1            0         0 (response)

Signed-off-by: Andrej Krpic <ak77@...de.com>
---
 drivers/tty/n_gsm.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
index a0fb92c..05b562d 100644
--- a/drivers/tty/n_gsm.c
+++ b/drivers/tty/n_gsm.c
@@ -1798,7 +1798,7 @@ static void gsm_queue(struct gsm_mux *gsm)
 
 	gsm_print_packet("<--", address, cr, gsm->control, gsm->buf, gsm->len);
 
-	cr ^= 1 - gsm->initiator;	/* Flip so 1 always means command */
+	cr ^= gsm->initiator;		/* Flip so 1 always means command */
 	dlci = gsm->dlci[address];
 
 	switch (gsm->control) {
@@ -1829,7 +1829,7 @@ static void gsm_queue(struct gsm_mux *gsm)
 		break;
 	case UA:
 	case UA|PF:
-		if (cr == 0 || dlci == NULL)
+		if (cr || dlci == NULL)
 			break;
 		switch (dlci->state) {
 		case DLCI_CLOSING:
-- 
2.7.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ