lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 14 Jul 2016 00:23:06 +0200
From:	Bjørn Mork <bjorn@...k.no>
To:	Kristian Evensen <kristian.evensen@...il.com>
Cc:	linux-usb@...r.kernel.org, netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] rndis_host: Set random MAC for ZTE MF910

Kristian Evensen <kristian.evensen@...il.com> writes:

> From: Kristian Evensen <kristian.evensen@...il.com>
>
> All ZTE MF910 mifis, at least on some revisions, export the same MAC
> address (36:4b:50:b7:ef:da). Check for this MAC address and set a random
> MAC if detected.
>
> Also, changed the memcpy() to ether_addr_copy(), as pointed out by
> checkpatch.
>
> Signed-off-by: Kristian Evensen <kristian.evensen@...il.com>
> ---
>  drivers/net/usb/rndis_host.c | 9 ++++++++-
>  1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/net/usb/rndis_host.c b/drivers/net/usb/rndis_host.c
> index 524a47a281..85bdbdf 100644
> --- a/drivers/net/usb/rndis_host.c
> +++ b/drivers/net/usb/rndis_host.c
> @@ -295,6 +295,9 @@ static const struct net_device_ops rndis_netdev_ops = {
>  	.ndo_validate_addr	= eth_validate_addr,
>  };
>  
> +/* well-known buggy ZTE MF910 MAC address */
> +static const u8 buggy_zte_addr[ETH_ALEN] = {0x36, 0x4b, 0x50, 0xb7, 0xef, 0xda};
> +
>  int
>  generic_rndis_bind(struct usbnet *dev, struct usb_interface *intf, int flags)
>  {
> @@ -428,7 +431,11 @@ generic_rndis_bind(struct usbnet *dev, struct usb_interface *intf, int flags)
>  		dev_err(&intf->dev, "rndis get ethaddr, %d\n", retval);
>  		goto halt_fail_and_release;
>  	}
> -	memcpy(net->dev_addr, bp, ETH_ALEN);
> +
> +	if (ether_addr_equal(bp, buggy_zte_addr))
> +		eth_hw_addr_random(net);
> +	else
> +		ether_addr_copy(net->dev_addr, bp);
>  
>  	/* set a nonzero filter to enable data transfers */
>  	memset(u.set, 0, sizeof *u.set);


Or how about the more generic?:

        if (bp[0] & 0x02)
   		eth_hw_addr_random(net);
	else
		ether_addr_copy(net->dev_addr, bp);

That would catch similar screwups from other vendors too.


Bjørn

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ