Re: urndis(4) Frame length validation
2011/3/20 Loganaden Velvindron logana...@devio.us Hi, this diff also discards packets larger than maximum buffer size. Please test. Index: src/sys/dev/usb/if_urndis.c === RCS file: /cvs/src/sys/dev/usb/if_urndis.c,v retrieving revision 1.29 diff -u -p -r1.29 if_urndis.c --- src/sys/dev/usb/if_urndis.c 25 Jan 2011 20:03:35 - 1.29 +++ src/sys/dev/usb/if_urndis.c 20 Mar 2011 05:22:55 - @@ -801,12 +801,13 @@ urndis_decap(struct urndis_softc *sc, st DPRINTF((%s: urndis_decap buffer size left %u\n, DEVNAME(sc), len)); - if (len sizeof(*msg)) { + if (len sizeof(*msg) || len RNDIS_BUFSZ) { printf(%s: urndis_decap invalid buffer len %u - minimum header %u\n, + minimum header %u maximum size %d\n, DEVNAME(sc), len, - sizeof(*msg)); + sizeof(*msg), + RNDIS_BUFSZ); return; } With this patch and doing large scp's, I get a few: urndis0: urndis_decap invalid buffer len 1 minimum header 44 maximum size 1562 urndis0: urndis_decap invalid buffer len 1 minimum header 44 maximum size 1562 in my amd64 dmesg buffer, but no other changes noticed. -- To our sweethearts and wives. May they never meet. -- 19th century toast
Re: urndis(4) Frame length validation
armani@ pointed out that the checking is already done below, so the diff is useless. //Logan C-x-C-c
Re: urndis(4) Frame length validation
On 03/20/11 04:34, Janne Johansson wrote: 2011/3/20 Loganaden Velvindronlogana...@devio.us Hi, this diff also discards packets larger than maximum buffer size. With this patch and doing large scp's, I get a few: urndis0: urndis_decap invalid buffer len 1 minimum header 44 maximum size 1562 urndis0: urndis_decap invalid buffer len 1 minimum header 44 maximum size 1562 in my amd64 dmesg buffer, but no other changes noticed. on amd64, I get a few, but not as many as I did when I used it in the past. This is on -current, and I have a Droid A855 running Cyanogenmod 6.1.2 (stock android kernel, OC'ed to 800mhz with SetCPU)
urndis(4) Frame length validation
Hi, this diff also discards packets larger than maximum buffer size. Please test. Index: src/sys/dev/usb/if_urndis.c === RCS file: /cvs/src/sys/dev/usb/if_urndis.c,v retrieving revision 1.29 diff -u -p -r1.29 if_urndis.c --- src/sys/dev/usb/if_urndis.c 25 Jan 2011 20:03:35 - 1.29 +++ src/sys/dev/usb/if_urndis.c 20 Mar 2011 05:22:55 - @@ -801,12 +801,13 @@ urndis_decap(struct urndis_softc *sc, st DPRINTF((%s: urndis_decap buffer size left %u\n, DEVNAME(sc), len)); - if (len sizeof(*msg)) { + if (len sizeof(*msg) || len RNDIS_BUFSZ) { printf(%s: urndis_decap invalid buffer len %u - minimum header %u\n, + minimum header %u maximum size %d\n, DEVNAME(sc), len, - sizeof(*msg)); + sizeof(*msg), + RNDIS_BUFSZ); return; }