lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Zs2zGPZsTIaOO6tD@lzaremba-mobl.ger.corp.intel.com>
Date: Tue, 27 Aug 2024 13:06:00 +0200
From: Larysa Zaremba <larysa.zaremba@...el.com>
To: Matt Johnston <matt@...econstruct.com.au>
CC: <jk@...econstruct.com.au>, "David S. Miller" <davem@...emloft.net>, "Jakub
 Kicinski" <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Eric Dumazet
	<edumazet@...gle.com>, <netdev@...r.kernel.org>, <stable@...r.kernel.org>
Subject: Re: [PATCH net 2/2] net: mctp-serial: Fix missing escapes on transmit

On Tue, Aug 27, 2024 at 10:07:59AM +0800, Matt Johnston wrote:
> 0x7d and 0x7e bytes are meant to be escaped in the data portion of
> frames, but this didn't occur since next_chunk_len() had an off-by-one
> error. That also resulted in the final byte of a payload being written
> as a separate tty write op.
> 
> The chunk prior to an escaped byte would be one byte short, and the
> next call would never test the txpos+1 case, which is where the escaped
> byte was located. That meant it never hit the escaping case in
> mctp_serial_tx_work().
> 
> Example Input: 01 00 08 c8 7e 80 02
> 
> Previous incorrect chunks from next_chunk_len():
> 
> 01 00 08
> c8 7e 80
> 02
> 
> With this fix:
> 
> 01 00 08 c8
> 7e
> 80 02
> 
> Cc: stable@...r.kernel.org
> Fixes: a0c2ccd9b5ad ("mctp: Add MCTP-over-serial transport binding")
> Signed-off-by: Matt Johnston <matt@...econstruct.com.au>

Reviewed-by: Larysa Zaremba <larysa.zaremba@...el.com>

> ---
>  drivers/net/mctp/mctp-serial.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/net/mctp/mctp-serial.c b/drivers/net/mctp/mctp-serial.c
> index d7db11355909..82890e983847 100644
> --- a/drivers/net/mctp/mctp-serial.c
> +++ b/drivers/net/mctp/mctp-serial.c
> @@ -91,8 +91,8 @@ static int next_chunk_len(struct mctp_serial *dev)
>  	 * will be those non-escaped bytes, and does not include the escaped
>  	 * byte.
>  	 */
> -	for (i = 1; i + dev->txpos + 1 < dev->txlen; i++) {
> -		if (needs_escape(dev->txbuf[dev->txpos + i + 1]))
> +	for (i = 1; i + dev->txpos < dev->txlen; i++) {
> +		if (needs_escape(dev->txbuf[dev->txpos + i]))
>  			break;
>  	}
>  
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ