| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20140505.152037.455988814617308575.davem@davemloft.net>
Date: Mon, 05 May 2014 15:20:37 -0400 (EDT)
From: David Miller <davem@...emloft.net>
To: bjorn@...k.no
Cc: netdev@...r.kernel.org, linux-usb@...r.kernel.org,
alexey.orishko@...il.com, oliver@...kum.org
Subject: Re: [PATCH net,stable] net: cdc_ncm: fix buffer overflow
From: Bjørn Mork <bjorn@...k.no>
Date: Fri, 2 May 2014 23:27:00 +0200
> Commit 4d619f625a60 ("net: cdc_ncm: no point in filling up the NTBs
> if we send ZLPs") changed the padding logic for devices with the ZLP
> flag set. This meant that frames of any size will be sent without
> additional padding, except for the single byte added if the size is
> a multiple of the USB packet size. But if the unpadded size is
> identical to the maximum frame size, and the maximum size is a
> multiplum of the USB packet size, then this one-byte padding will
> overflow the buffer.
>
> Prevent padding if already at maximum frame size, letting usbnet
> transmit a ZLP instead in this case.
>
> Fixes: 4d619f625a60 ("net: cdc_ncm: no point in filling up the NTBs if we send ZLPs")
> Reported by: Yu-an Shih <yshih@...dia.com>
> Signed-off-by: Bjørn Mork <bjorn@...k.no>
> ---
> Please add this to the stable v3.13 and v3.14 queues as well. Thanks.
Applied and queued up for -stable, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists