| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 May 2020 09:05:58 +0800
From: Jeremy Kerr <jk@...abs.org>
To: netdev@...r.kernel.org
Cc: linux-kernel@...r.kernel.org,
"David S. Miller" <davem@...emloft.net>,
Benjamin Herrenschmidt <benh@...nel.crashing.org>,
Paul Mackerras <paulus@...ba.org>,
Finn Thain <fthain@...egraphics.com.au>,
Stan Johnson <userm57@...oo.com>
Subject: [PATCH] net: bmac: Fix read of MAC address from ROM
In bmac_get_station_address, We're reading two bytes at a time from ROM,
but we do that six times, resulting in 12 bytes of read & writes. This
means we will write off the end of the six-byte destination buffer.
This change fixes the for-loop to only read/write six bytes.
Based on a proposed fix from Finn Thain <fthain@...egraphics.com.au>.
Signed-off-by: Jeremy Kerr <jk@...abs.org>
Reported-by: Stan Johnson <userm57@...oo.com>
Tested-by: Stan Johnson <userm57@...oo.com>
Reported-by: Finn Thain <fthain@...egraphics.com.au>
---
drivers/net/ethernet/apple/bmac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/apple/bmac.c b/drivers/net/ethernet/apple/bmac.c
index a58185b1d8bf..3e3711b60d01 100644
--- a/drivers/net/ethernet/apple/bmac.c
+++ b/drivers/net/ethernet/apple/bmac.c
@@ -1182,7 +1182,7 @@ bmac_get_station_address(struct net_device *dev, unsigned char *ea)
int i;
unsigned short data;
- for (i = 0; i < 6; i++)
+ for (i = 0; i < 3; i++)
{
reset_and_select_srom(dev);
data = read_srom(dev, i + EnetAddressOffset/2, SROMAddressBits);
--
2.17.1
Powered by blists - more mailing lists