lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1334758394.3209.156.camel@deadeye>
Date:	Wed, 18 Apr 2012 15:13:14 +0100
From:	Ben Hutchings <bhutchings@...arflare.com>
To:	Dan Carpenter <dan.carpenter@...cle.com>
CC:	<Tristram.Ha@...rel.com>, <netdev@...r.kernel.org>
Subject: re: net: Micrel KSZ8841/2 PCI Ethernet driver

On Wed, 2012-04-18 at 09:47 +0300, Dan Carpenter wrote:
> Hello Tristram,
> 
> I was going through some old stuff and I had a question about ksz884x.c.
> 
> The patch 8ca86fd83eae: "net: Micrel KSZ8841/2 PCI Ethernet driver" 
> from Feb 8, 2010, leads to the following warning:
> drivers/net/ethernet/micrel/ksz884x.c:5678 netdev_set_mac_address()
> 	 error: memcpy() 'mac->sa_data' too small (14 vs 32)
> 
>   5663  static int netdev_set_mac_address(struct net_device *dev, void *addr)
>   5664  {
>   5665          struct dev_priv *priv = netdev_priv(dev);
>   5666          struct dev_info *hw_priv = priv->adapter;
>   5667          struct ksz_hw *hw = &hw_priv->hw;
>   5668          struct sockaddr *mac = addr;
>   5669          uint interrupt;
>   5670  
>   5671          if (priv->port.first_port > 0)
>   5672                  hw_del_addr(hw, dev->dev_addr);
>   5673          else {
>   5674                  hw->mac_override = 1;
>   5675                  memcpy(hw->override_addr, mac->sa_data, ETH_ALEN);
>   5676          }
>   5677  
>   5678          memcpy(dev->dev_addr, mac->sa_data, MAX_ADDR_LEN);
>                                       ^^^^^^^^^^^^
> This has only 14 bytes so we're copying bogus data from beyond the end
> of the struct into dev->dev_addr.

The correct length is ETH_ALEN, as for the previous memcpy().

Ben.

-- 
Ben Hutchings, Staff Engineer, Solarflare
Not speaking for my employer; that's the marketing department's job.
They asked us to note that Solarflare product names are trademarked.

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ