lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87ilrl1jif.fsf@miraculix.mork.no>
Date:   Thu, 07 Apr 2022 08:43:04 +0200
From:   Bjørn Mork <bjorn@...k.no>
To:     Lech Perczak <lech.perczak@...il.com>
Cc:     netdev@...r.kernel.org, linux-usb@...r.kernel.org,
        Kristian Evensen <kristian.evensen@...il.com>,
        Oliver Neukum <oliver@...kum.org>
Subject: Re: [PATCH 3/3] rndis_host: limit scope of bogus MAC address
 detection to ZTE devices

Lech Perczak <lech.perczak@...il.com> writes:

> Reporting of bogus MAC addresses and ignoring configuration of new
> destination address wasn't observed outside of a range of ZTE devices,
> among which this seems to be the common bug. Align rndis_host driver
> with implementation found in cdc_ether, which also limits this workaround
> to ZTE devices.

Reviewed-by: Bjørn Mork <bjorn@...k.no>

Yes, this is a much better solution.

We have no business rejecting the address chosen by the device, even if
it is "locally administered".  The device has every right to use a local
address on a link with no other devices, which is the case for every
cellular modem for example.

And even if we believe the device is wrong there isn't much we can do
about that.

Rejecting the device address, with no way to inform the device about a
new address, implies that host and device disagrees about it.  This does
not fix anything.  It just makes the host to silentlig drop all packets,
leaving the user with a non-working device.

I take full responibility for coming up with the idea of over-
simplifying the original workaround proposed by Kristian. It wasn't very
well thought over.

Thanks to Lech for fixing this!



Bjørn

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ