Hi,
going through the USB network drivers looking for ways
a malicious device could do us harm I found drivers taking
the alignment coming from the device for granted.
An example can be seen in qmi_wwan:
while (offset + qmimux_hdr_sz < skb->len) {
hdr = (struct qmimux_hdr*)(skb->data + offset);
len = be16_to_cpu(hdr->pkt_len);
As you can see the driver accesses stuff coming from the device with the
expectation
that it keep to natural alignment. On some architectures that is a way a
device could use to do bad things to a host. What is to be done about
that?
Regards
Oliver
