[PATCH] ne.c 8139too.c to fix CERT VU#412115, 2.4.20

David McCullough (davidm@snapgear.com)
Sat, 11 Jan 2003 00:52:34 +1000


Hi all,

Here's a patch for the ne2000 driver (ne.c) and the RealTek driver
(8139too.c) in the 2.4.20 kernel to fix the CERT vulnerability VU#412115:

http://www.kb.cert.org/vuls/id/412115

For interest, the smc9194 and FEC ethernet drivers appear to be ok.
Please CC me on any replies,

Cheers,
Davidm

--- linux-2.4.20/drivers/net/ne.c.orig Sat Aug 3 10:39:44 2002
+++ linux-2.4.20/drivers/net/ne.c Sat Jan 11 00:29:36 2003
@@ -623,6 +623,7 @@
const unsigned char *buf, const int start_page)
{
int nic_base = NE_BASE;
+ int pad_count = count >= ETH_ZLEN ? count : ETH_ZLEN;
unsigned long dma_start;
#ifdef NE_SANITY_CHECK
int retries = 0;
@@ -669,16 +670,22 @@
outb_p(ENISR_RDC, nic_base + EN0_ISR);

/* Now the normal output. */
- outb_p(count & 0xff, nic_base + EN0_RCNTLO);
- outb_p(count >> 8, nic_base + EN0_RCNTHI);
+ outb_p(pad_count & 0xff, nic_base + EN0_RCNTLO);
+ outb_p(pad_count >> 8, nic_base + EN0_RCNTHI);
outb_p(0x00, nic_base + EN0_RSARLO);
outb_p(start_page, nic_base + EN0_RSARHI);

outb_p(E8390_RWRITE+E8390_START, nic_base + NE_CMD);
if (ei_status.word16) {
outsw(NE_BASE + NE_DATAPORT, buf, count>>1);
+ while (count < pad_count) {
+ outw_p(0x00, NE_BASE + NE_DATAPORT);
+ count += 2;
+ }
} else {
outsb(NE_BASE + NE_DATAPORT, buf, count);
+ while (count++ < pad_count)
+ outb_p(0x00, NE_BASE + NE_DATAPORT);
}

dma_start = jiffies;

--- linux-2.4.20/drivers/net/8139too.c.orig Fri Nov 29 09:53:13 2002
+++ linux-2.4.20/drivers/net/8139too.c Sat Jan 11 00:29:36 2003
@@ -1683,6 +1683,9 @@

if (likely(len < TX_BUF_SIZE)) {
skb_copy_and_csum_dev(skb, tp->tx_buf[entry]);
+ /* PAD the frame out with zeroes */
+ if (len < (unsigned int) ETH_ZLEN)
+ memset(tp->tx_buf[entry] + len, 0, ETH_ZLEN - len);
dev_kfree_skb(skb);
} else {
dev_kfree_skb(skb);

-- 
David McCullough:    Ph: +61 7 3435 2815  http://www.SnapGear.com
davidm@snapgear.com  Fx: +61 7 3891 3630  Custom Embedded Solutions + Security
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/