lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 29 Dec 2009 01:29:31 +0000
From:	Ben Hutchings <ben@...adent.org.uk>
To:	Neil Horman <nhorman@...driver.com>
Cc:	François romieu <romieu@...eil.com>,
	netdev@...r.kernel.org, davem@...emloft.net,
	eric.dumazet@...il.com, nhorman@...hat.com
Subject: Re: [PATCH RFC] r8169: straighten out overlength frame detection

On Mon, 2009-12-28 at 20:16 -0500, Neil Horman wrote:
> On Tue, Dec 29, 2009 at 12:51:52AM +0000, Ben Hutchings wrote:
> > On Mon, 2009-12-28 at 22:31 +0100, François romieu wrote:
> > > (I'm back)
> > > 
> > > The Mon, Dec 28, 2009 at 02:50:53PM -0500, Neil Horman wrote :
> > > [...]
> > > > frames were received on NIC's supported by this driver.  This was mentioned in a
> > > > security conference recently:
> > > > http://events.ccc.de/congress/2009/Fahrplan//events/3596.en.html
> > > 
> > > Is there a paper ?
> > [...]
> > 
> > I was present in the session and emailed you and Neil about this
> > yesterday; did you not get the message?  The slides are now linked from
> > the above page; see pages 74-87.  I suggest you ask the speaker if you
> > need any more details.
> > 
> > Ben.
> > 
> I'm sorry, Ben, I don't think I received this note (although I admit I've not
> been checking to closely over the holidays).  I jumped on this after I got a
> phone call about it today.  I'll make sure to look for your note shortly.

My memory failed me - I actually sent this to Francois and Eric:

> Hopefully you're already aware of this, but I'm not sure.
> 
> Fabian Yamaguchi made a presentation at 26C3
> <http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html> which
> included a bug in r8169 reintroduced by:
> 
> commit fdd7b4c3302c93f6833e338903ea77245eb510b4
> Author: Eric Dumazet <eric.dumazet@...il.com>
> Date:   Tue Jun 9 04:01:02 2009 -0700
> 
>     r8169: fix crash when large packets are received
> 
> On some older r8169 controllers this will enable scattering on receive,
> and the first word of the second and subsequent RX buffers for a frame
> will wrongly be treated as a status word.  This can be used for denial
> of service at the very least.

Ben.

-- 
Ben Hutchings
Always try to do things in chronological order;
it's less confusing that way.

Download attachment "signature.asc" of type "application/pgp-signature" (828 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ