| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1494247797-1732-1-git-send-email-jim_baxter@mentor.com>
Date: Mon, 8 May 2017 13:49:56 +0100
From: Jim Baxter <jim_baxter@...tor.com>
To: <linux-usb@...r.kernel.org>, <netdev@...r.kernel.org>,
<linux-kernel@...r.kernel.org>, Oliver Neukum <oliver@...kum.org>
CC: <jim_baxter@...tor.com>
Subject: [PATCH V2 0/1] net: cdc_ncm: Fix TX zero padding
Analysis
--------
The zero padding that is added to NTB's does not zero
the memory correctly.
This happens because the skb_put called within the memset in
the line:
memset(skb_put(skb_out, ctx->tx_max - skb_out->len),
0, ctx->tx_max - skb_out->len);
causes the value of skb_out->len to be modified during
the two uses of it within the above line.
This causes non-zeroed data at the end of skb_out.
This issue was found when connecting between an ARM
Sabre SD Host platform and a test box that was
dropping the NDP's due to the non zeroed memory being
identified as an error.
Solution
--------
To resolve this I have cached the value of
ctx->tx_max - skb_out->len before the memset operation.
----
V1: Sent to linux-use for review.
V2: Added netdev mailing list as it was missed for V1.
Jim Baxter (1):
net: cdc_ncm: Fix TX zero padding
drivers/net/usb/cdc_ncm.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
--
1.9.1
Powered by blists - more mailing lists