lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 28 Oct 2021 08:51:44 +0200
From:   Oleksij Rempel <o.rempel@...gutronix.de>
To:     Zhang Changzhong <zhangchangzhong@...wei.com>
Cc:     Robin van der Gracht <robin@...tonic.nl>,
        linux-kernel@...r.kernel.org,
        Oleksij Rempel <linux@...pel-privat.de>,
        netdev@...r.kernel.org, Marc Kleine-Budde <mkl@...gutronix.de>,
        kernel@...gutronix.de, Oliver Hartkopp <socketcan@...tkopp.net>,
        Jakub Kicinski <kuba@...nel.org>, linux-can@...r.kernel.org,
        "David S. Miller" <davem@...emloft.net>
Subject: Re: [PATCH net 2/3] can: j1939: j1939_can_recv(): ignore messages
 with invalid source address

Hi,

On Mon, Oct 25, 2021 at 03:30:57PM +0800, Zhang Changzhong wrote:
> On 2021/10/22 18:23, Oleksij Rempel wrote:
> > On Thu, Oct 21, 2021 at 10:04:16PM +0800, Zhang Changzhong wrote:
> >> According to SAE-J1939-82 2015 (A.3.6 Row 2), a receiver should never
> >> send TP.CM_CTS to the global address, so we can add a check in
> >> j1939_can_recv() to drop messages with invalid source address.
> >>
> >> Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol")
> >> Signed-off-by: Zhang Changzhong <zhangchangzhong@...wei.com>
> > 
> > NACK. This will break Address Claiming, where first message is SA == 0xff
> 
> I know that 0xfe can be used as a source address, but which message has a source
> address of 0xff?
> 
> According to SAE-J1939-81 2017 4.2.2.8:
> 
>   The network address 255, also known as the Global address, is permitted in the
>   Destination Address field of the SAE J1939 message identifier but never in the
>   Source Address field.

You are right. Thx!

Are you using any testing frameworks?
Can you please take a look here:
https://github.com/linux-can/can-tests/tree/master/j1939

We are using this scripts for regression testing of some know bugs.

> 
> > 
> >> ---
> >>  net/can/j1939/main.c | 4 ++++
> >>  1 file changed, 4 insertions(+)
> >>
> >> diff --git a/net/can/j1939/main.c b/net/can/j1939/main.c
> >> index 08c8606..4f1e4bb 100644
> >> --- a/net/can/j1939/main.c
> >> +++ b/net/can/j1939/main.c
> >> @@ -75,6 +75,10 @@ static void j1939_can_recv(struct sk_buff *iskb, void *data)
> >>  	skcb->addr.pgn = (cf->can_id >> 8) & J1939_PGN_MAX;
> >>  	/* set default message type */
> >>  	skcb->addr.type = J1939_TP;
> >> +	if (!j1939_address_is_valid(skcb->addr.sa))
> >> +		/* ignore messages whose sa is broadcast address */
> >> +		goto done;

Please add some warning once message here. We wont to know if something bad
is happening on the bus.

> >> +
> >>  	if (j1939_pgn_is_pdu1(skcb->addr.pgn)) {
> >>  		/* Type 1: with destination address */
> >>  		skcb->addr.da = skcb->addr.pgn;
> >> -- 
> >> 2.9.5
> >>
> >>
> >>
> > 
> 
> 

Regards,
Oleksij
-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ