lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Fri, 25 Oct 2019 12:32:42 +0200
From:   Kurt Van Dijck <dev.kurt@...dijck-laurijssen.be>
To:     Oleksij Rempel <o.rempel@...gutronix.de>
Cc:     mkl@...gutronix.de, wg@...ndegger.com, kernel@...gutronix.de,
        linux-can@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH v1] j1939: transport: make sure EOMA is send with the
 total message size set

On vr, 25 okt 2019 11:36:26 +0200, Oleksij Rempel wrote:
> Hi all,
> 
> i decided to be strict here and drop malformed EOMA packages. At least
> it makes testing easier.
> I have no idea how far is it from reality. Will it brake some thing?
> 
> 
> On Fri, Oct 25, 2019 at 11:30:15AM +0200, Oleksij Rempel wrote:
> > We was sending malformed EOMA with total message size set to 0. So, fix this
> > bug and add sanity check to the RX path.
> > 
...
> > +	if (session->total_message_size != len) {
> > +		netdev_warn(session->priv->ndev, "%s: 0x%p: Incorrect size. Expected: %i; got: %i.\n",
> > +			    __func__, session, session->total_message_size,
> > +			    len);

A warning is usefull here, maybe rate-limited.

> > +		return;

But returning an otherwise complete transfer is rough.
I'm sure verifying this at this stage is unusual.
I'm sure there are little controllers out there that fail here.

Be tolerant on the input and strict on the output, isn't it?

Kind regards,
Kurt 
> > +	}
> > +

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ