lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4817668F.8050404@intel.com>
Date:	Tue, 29 Apr 2008 11:18:55 -0700
From:	"Kok, Auke" <auke-jan.h.kok@...el.com>
To:	Jeff Garzik <jeff@...zik.org>
CC:	NetDev <netdev@...r.kernel.org>,
	Alan Cox <alan@...rguk.ukuu.org.uk>,
	Jesse Brandeburg <jesse.brandeburg@...el.com>
Subject: [PATCH] Re: Error handling corner case found during audits

Alan Cox wrote:
> Not sure what should happen here.
> 
> 
> diff -u --new-file --recursive --exclude-from /usr/src/exclude linux.vanilla-2.6.25-mm1/drivers/net/e1000e/ethtool.c linux-2.6.25-mm1/drivers/net/e1000e/ethtool.c
> --- linux.vanilla-2.6.25-mm1/drivers/net/e1000e/ethtool.c	2008-04-28 11:36:49.000000000 +0100
> +++ linux-2.6.25-mm1/drivers/net/e1000e/ethtool.c	2008-04-18 16:42:41.000000000 +0100
> @@ -494,6 +494,8 @@
>  		for (i = 0; i < last_word - first_word + 1; i++) {
>  			ret_val = e1000_read_nvm(hw, first_word + i, 1,
>  						      &eeprom_buff[i]);
> +			/* ERROR: This path leaves eeprom_buf containing
> +			   old kernel bytes we then byteswap/return */
>  			if (ret_val)
>  				break;
>  		}

either we fill the buffer with 0xff (the determined value for "empty eeprom"), or
just kzalloc the buffer instead. This should be enough of a warning for the user
that something is really wrong.

Auke

---

e1000e: don't return half-read eeprom on error

On a read error, e1000e might have returned uninitialized block of eeprom data
back to userspace. The convention is that 0xff is "empty", so mark the entire
eeprom as empty in case of an error.

Signed-off-by: Auke Kok <auke-jan.h.kok@...el.com>

---
diff --git a/drivers/net/e1000e/ethtool.c b/drivers/net/e1000e/ethtool.c
index b1b784a..8b04a42 100644
--- a/drivers/net/e1000e/ethtool.c
+++ b/drivers/net/e1000e/ethtool.c
@@ -510,8 +510,12 @@ static int e1000_get_eeprom(struct net_device *netdev,
 		for (i = 0; i < last_word - first_word + 1; i++) {
 			ret_val = e1000_read_nvm(hw, first_word + i, 1,
 						      &eeprom_buff[i]);
-			if (ret_val)
+			if (ret_val) {
+				/* a read error occurred, throw away the
+				 * result */
+				memset(eeprom_buff, 0xff, sizeof(eeprom_buff));
 				break;
+			}
 		}
 	}

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ