lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1493926895-14556-1-git-send-email-jim_baxter@mentor.com>
Date:   Thu, 4 May 2017 20:41:34 +0100
From:   Jim Baxter <jim_baxter@...tor.com>
To:     <linux-usb@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
        Oliver Neukum <oliver@...kum.org>
CC:     <jim_baxter@...tor.com>
Subject: [PATCH V1 0/1] net: cdc_ncm: Fix TX zero padding

Analysis
--------

The zero padding that is added to NTB's does not zero
the memory correctly.
This happens because the skb_put called within the memset in
the line:
memset(skb_put(skb_out, ctx->tx_max - skb_out->len),
       0, ctx->tx_max - skb_out->len);
causes the value of skb_out->len to be modified during
the two uses of it within the above line.
This causes non-zeroed data at the end of skb_out.

This issue was found when connecting between an ARM
Sabre SD Host platform and a test box that was
dropping the NDP's due to the non zeroed memory being
identified as an error.

Solution
--------

To resolve this I have cached the value of
ctx->tx_max - skb_out->len before the memset operation.

Jim Baxter (1):
  net: cdc_ncm: Fix TX zero padding

 drivers/net/usb/cdc_ncm.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

-- 
1.9.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ