Am Montag, den 14.10.2019, 22:10 -0700 schrieb syzbot: > Hello, > > syzbot found the following crash on: > > HEAD commit: fa169025 kmsan: get rid of unused static functions in kmsa.. > git tree: https://github.com/google/kmsan.git master > console output: https://syzkaller.appspot.com/x/log.txt?x=1432a653600000 > kernel config: https://syzkaller.appspot.com/x/.config?x=49548798e87d32d7 > dashboard link: https://syzkaller.appspot.com/bug?extid=a8d4acdad35e6bbca308 > compiler: clang version 9.0.0 (/home/glider/llvm/clang > 80fee25776c2fb61e74c1ecb1a523375c2500b69) > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14743a6f600000 > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=125bdbc7600000 > > IMPORTANT: if you fix the bug, please add the following tag to the commit: > Reported-by: syzbot+a8d4acdad35e6bbca308@xxxxxxxxxxxxxxxxxxxxxxxxx #syz test: https://github.com/google/kmsan.git fa169025
From a6fd7a04a330a8bfad836b20843ea5fe26e0ae38 Mon Sep 17 00:00:00 2001 From: Oliver Neukum <oneukum@xxxxxxxx> Date: Thu, 17 Oct 2019 15:12:33 +0200 Subject: [PATCH] asix: fix information leak on short answers If a malicious device gives a short MAC it can elicit up to 5 bytes of leaked memory out of the driver. We need to check for ETH_ALEN. Signed-off-by: Oliver Neukum <oneukum@xxxxxxxx> --- drivers/net/usb/ax88172a.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/usb/ax88172a.c b/drivers/net/usb/ax88172a.c index 011bd4cb546e..af3994e0853b 100644 --- a/drivers/net/usb/ax88172a.c +++ b/drivers/net/usb/ax88172a.c @@ -196,7 +196,7 @@ static int ax88172a_bind(struct usbnet *dev, struct usb_interface *intf) /* Get the MAC address */ ret = asix_read_cmd(dev, AX_CMD_READ_NODE_ID, 0, 0, ETH_ALEN, buf, 0); - if (ret < 0) { + if (ret < ETH_ALEN) { netdev_err(dev->net, "Failed to read MAC address: %d\n", ret); goto free; } -- 2.16.4