From: Alan Cox <gnomes@lxorguk.ukuu.org.uk>
To: Jian-Hong Pan <starnight@g.ncu.edu.tw>
Cc: "Andreas Färber" <afaerber@suse.de>,
"David S . Miller" <davem@davemloft.net>,
netdev@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org,
"Marcel Holtmann" <marcel@holtmann.org>,
"Dollar Chen" <dollar.chen@wtmec.com>,
"Ken Yu" <ken.yu@rakwireless.com>,
linux-wpan@vger.kernel.org,
"Stefan Schmidt" <stefan@datenfreihafen.org>
Subject: Re: [PATCH V4 5/6] net: maclorawan: Implement maclorawan class module
Date: Tue, 4 Dec 2018 20:45:08 +0000 [thread overview]
Message-ID: <20181204204508.3ebead06@alans-desktop> (raw)
In-Reply-To: <20181204141341.4353-6-starnight@g.ncu.edu.tw>
> +void
> +lrw_parse_frame(struct lrw_session *ss, struct sk_buff *skb)
> +{
> + struct lrw_fhdr *fhdr = &ss->rx_fhdr;
> + __le16 *p_fcnt;
> +
> + pr_debug("%s: %s\n", LORAWAN_MODULE_NAME, __func__);
> +
> + /* Get message type */
> + fhdr->mtype = skb->data[0];
> + skb_pull(skb, LRW_MHDR_LEN);
This does not seem robust. There is no point at which you actually check
the message size is valid etc
> + fhdr->fopts_len = fhdr->fctrl & 0xF;
> + if (fhdr->fopts_len > 0) {
> + memcpy(fhdr->fopts, skb->data, fhdr->fopts_len);
> + skb_pull(skb, fhdr->fopts_len);
> + }
In fact you appear to copy random kernel memory into a buffer
> +
> + /* TODO: Parse frame options */
> +
> + /* Remove message integrity code */
> + skb_trim(skb, skb->len - LRW_MIC_LEN);
and then try and trim the buffer to a negative size ?
Alan
next prev parent reply other threads:[~2018-12-04 20:45 UTC|newest]
Thread overview: 74+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-23 17:15 [RFC 0/3 net] lorawan: Add LoRaWAN soft MAC module Jian-Hong Pan
2018-08-23 17:15 ` [RFC 1/3 net] lorawan: Add LoRaWAN class module Jian-Hong Pan
2018-08-23 17:43 ` Randy Dunlap
2018-08-24 15:58 ` Jian-Hong Pan
2018-09-23 16:40 ` Andreas Färber
2018-09-26 15:52 ` Jian-Hong Pan
2018-11-05 16:55 ` [PATCH V2 0/7] net: lorawan: Add LoRaWAN soft MAC module Jian-Hong Pan
2018-11-05 16:55 ` [PATCH V2 1/7] net: lorawan: Add macro and definition for LoRaWAN Jian-Hong Pan
2018-11-05 16:55 ` [PATCH V2 2/7] net: lorawan: Add LoRaWAN socket module Jian-Hong Pan
2018-11-05 18:16 ` David Miller
2018-11-06 14:28 ` Jian-Hong Pan
2018-11-14 16:01 ` [PATCH V3 0/7] net: lorawan: Add LoRaWAN soft MAC module Jian-Hong Pan
2018-11-14 16:01 ` [PATCH V3 1/7] net: lorawan: Add macro and definition for LoRaWAN Jian-Hong Pan
2018-11-14 16:12 ` Andreas Färber
2018-11-17 6:47 ` Jian-Hong Pan
2018-11-14 16:01 ` [PATCH V3 2/7] net: lorawan: Add LoRaWAN socket module Jian-Hong Pan
2018-11-17 4:32 ` David Miller
2018-11-17 14:54 ` Jian-Hong Pan
2018-12-04 14:13 ` [PATCH V4 0/6] net: lorawan: Add LoRaWAN soft MAC module Jian-Hong Pan
2018-12-04 14:13 ` [PATCH V4 1/6] net: lorawan: Add LoRaWAN socket module Jian-Hong Pan
2018-12-04 14:13 ` [PATCH V4 2/6] net: lorawan: Add LoRaWAN API declaration for LoRa devices Jian-Hong Pan
2018-12-04 14:13 ` [PATCH V4 3/6] net: maclorawan: Add maclorawan module declaration Jian-Hong Pan
2018-12-04 14:13 ` [PATCH V4 4/6] net: maclorawan: Implement the crypto of maclorawan module Jian-Hong Pan
2018-12-04 14:13 ` [PATCH V4 5/6] net: maclorawan: Implement maclorawan class module Jian-Hong Pan
2018-12-04 20:45 ` Alan Cox [this message]
2018-12-09 8:27 ` Jian-Hong Pan
2018-12-16 10:18 ` [PATCH v5 0/6] net: lorawan: Add LoRaWAN soft MAC module Jian-Hong Pan
2018-12-17 13:51 ` Jiri Pirko
2018-12-16 10:18 ` [PATCH v5 1/6] net: lorawan: Add LoRaWAN socket module Jian-Hong Pan
2018-12-29 7:27 ` Andreas Färber
2019-01-07 14:47 ` Jian-Hong Pan
2019-01-13 14:51 ` Jian-Hong Pan
2018-12-16 10:18 ` [PATCH v5 2/6] net: lorawan: Add LoRaWAN API declaration for LoRa devices Jian-Hong Pan
2018-12-16 10:18 ` [PATCH v5 3/6] net: maclorawan: Add maclorawan module declaration Jian-Hong Pan
2018-12-16 10:18 ` [PATCH v5 4/6] net: maclorawan: Implement the crypto of maclorawan module Jian-Hong Pan
2018-12-16 10:18 ` [PATCH v5 5/6] net: maclorawan: Implement maclorawan class module Jian-Hong Pan
2018-12-17 14:02 ` Jiri Pirko
2018-12-18 14:27 ` Jian-Hong Pan
2018-12-18 14:27 ` Jiri Pirko
2018-12-18 15:34 ` Jian-Hong Pan
2018-12-18 18:49 ` Andreas Färber
2018-12-19 11:27 ` Ben Whitten
2018-12-19 16:26 ` Jian-Hong Pan
2018-12-20 9:20 ` Xue Liu
2018-12-20 16:00 ` Jian-Hong Pan
2018-12-28 8:11 ` Netlink userspace tools for LoRa(WAN), FSK, Sigfox, BLE, etc. (was: [PATCH v5 5/6] net: maclorawan: Implement maclorawan class module) Andreas Färber
2018-12-28 15:49 ` Alexander Aring
2018-12-20 10:19 ` [PATCH v5 5/6] net: maclorawan: Implement maclorawan class module Ben Whitten
2018-12-20 15:31 ` Andreas Färber
2018-12-16 10:19 ` [PATCH v5 6/6] net: lorawan: List LORAWAN in menuconfig Jian-Hong Pan
2018-12-17 8:50 ` Xue Liu
2018-12-17 14:19 ` Andreas Färber
2018-12-18 13:50 ` Xue Liu
2018-12-24 15:32 ` Alexander Aring
2018-12-28 4:57 ` Andreas Färber
2018-12-28 15:43 ` Alexander Aring
2018-12-29 6:28 ` Andreas Färber
2018-12-04 14:13 ` [PATCH V4 " Jian-Hong Pan
2018-11-14 16:01 ` [PATCH V3 3/7] net: lorawan: Add LoRaWAN API declaration for LoRa devices Jian-Hong Pan
2018-11-14 16:01 ` [PATCH V3 4/7] net: maclorawan: Add maclorawan module declaration Jian-Hong Pan
2018-11-17 4:32 ` David Miller
2018-11-17 6:32 ` Jian-Hong Pan
2018-11-14 16:01 ` [PATCH V3 5/7] net: maclorawan: Implement the crypto of maclorawan module Jian-Hong Pan
2018-11-14 16:01 ` [PATCH V3 6/7] net: maclorawan: Implement maclorawan class module Jian-Hong Pan
2018-11-14 16:01 ` [PATCH V3 7/7] net: lorawan: List LORAWAN in menuconfig Jian-Hong Pan
2018-11-05 16:55 ` [PATCH V2 3/7] net: lorawan: Add LoRaWAN API declaration for LoRa devices Jian-Hong Pan
2018-11-05 16:55 ` [PATCH V2 4/7] net: maclorawan: Add maclorawan module declaration Jian-Hong Pan
2018-11-05 16:55 ` [PATCH V2 5/7] net: maclorawan: Implement the crypto of maclorawan module Jian-Hong Pan
2018-11-05 16:55 ` [PATCH V2 6/7] net: maclorawan: Implement maclorawan class module Jian-Hong Pan
2018-11-05 16:55 ` [PATCH V2 7/7] net: lorawan: List LORAWAN in menuconfig Jian-Hong Pan
2018-08-23 17:15 ` [RFC 2/3 net] lorawan: Add macro and definition for LoRaWAN class modlue Jian-Hong Pan
2018-09-23 16:06 ` Andreas Färber
2018-09-26 14:46 ` Jian-Hong Pan
2018-08-23 17:15 ` [RFC 3/3 net] lorawan: List LORAWAN in menuconfig Jian-Hong Pan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181204204508.3ebead06@alans-desktop \
--to=gnomes@lxorguk.ukuu.org.uk \
--cc=afaerber@suse.de \
--cc=davem@davemloft.net \
--cc=dollar.chen@wtmec.com \
--cc=ken.yu@rakwireless.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wpan@vger.kernel.org \
--cc=marcel@holtmann.org \
--cc=netdev@vger.kernel.org \
--cc=starnight@g.ncu.edu.tw \
--cc=stefan@datenfreihafen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).