malicious devices causing unaligned accesses [v2]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

going through the USB network drivers looking for ways
a malicious device could do us harm I found drivers taking
the alignment coming from the device for granted.

An example can be seen in qmi_wwan:

while (offset + qmimux_hdr_sz < skb->len) {
    hdr = (struct qmimux_hdr*)(skb->data + offset);
    len = be16_to_cpu(hdr->pkt_len);

As you can see the driver accesses stuff coming from the device with the
expectation
that it keep to natural alignment. On some architectures that is a way a
device could use to do bad things to a host. What is to be done about
that?

    Regards
        Oliver






[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux