From patchwork Fri Feb 23 20:17:48 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Hellermann X-Patchwork-Id: 10239607 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 62A9660390 for ; Fri, 23 Feb 2018 20:18:48 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 51AAD29709 for ; Fri, 23 Feb 2018 20:18:48 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4643E29967; Fri, 23 Feb 2018 20:18:48 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID autolearn=ham version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id BCBFE29709 for ; Fri, 23 Feb 2018 20:18:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=G7YMMTTwO3qtldAcEqvj4gO0L58u6MDLffMNk8MPB+s=; b=p6OXUFMEZF/lk+izlTeM9vyDf6 xuYlWbEXjpsUK4l91PhHMRhMFgcyWs2IxP/o0hDKOJrcgDBD/w1D7AlbdeYCQy87goRxuxlYEysiI XFAc7q2I+TpSyRyg/JAMVFLG/D5xVAXPb7zt6biDs9ShnGqNfMEju2HI1ITBBXQ2ugl66ITBmXUbC tdz7bDAkqw3oAXNgQ7y6rB9WJqnIjG3oJPBSRDReJGSiV61q+GhKKSIy9dq17E5zoJpnz/rkHzb4r JAvaL7w+tX5BlZQKeB9TrXLuii+OaTXAyLQ9wvrN9xi6Mr7lDPbvbxP4o7/9vx9A9w9D+4YUbp+Kt DANXLcJg==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.89 #1 (Red Hat Linux)) id 1epJne-0001pp-2j; Fri, 23 Feb 2018 20:18:34 +0000 Received: from mail-wm0-x242.google.com ([2a00:1450:400c:c09::242]) by bombadil.infradead.org with esmtps (Exim 4.89 #1 (Red Hat Linux)) id 1epJnZ-0001na-UC for linux-arm-kernel@lists.infradead.org; Fri, 23 Feb 2018 20:18:31 +0000 Received: by mail-wm0-x242.google.com with SMTP id t3so6818534wmc.2 for ; Fri, 23 Feb 2018 12:18:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=the2masters.de; s=mail; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=kz9kaDXVfG1mhqy8cEMl1H3hskmO2s/PeyBz2UBEb6o=; b=JmrHJiM6J73uuaCeXK3ejcgY5mivKcs1im/B7bR9gE2GEprAcHWB0yxmRJ8kz1944k 5gLaRa3ebRDXbVSmpBxCUbX27E72rE34JHyHS1pKfPGjSgcX3OpiQyQTEhYRewuYqGMd gtkCYykSDxcAa0a1g+4wQ5mPe8QOR2PkJqtk4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=kz9kaDXVfG1mhqy8cEMl1H3hskmO2s/PeyBz2UBEb6o=; b=BXCX2whsDMI+ioz+Z5WqjoLL+L5Jn3CNsyvLaKNPcS1Bl4N3fxq8sQFTjJLuyIe7ge vg62FiPCqbUjulhJ12LBeN5goBwIXFfDa0GDBerizMnzEc5ZlJz4VkszjFS+iGDBK5BI BSy/jtRSrkZp9yOrBYl60fh6r1GTDuP6zexTXrVNok5HDADF3JJhjO7Y6WJrseApavhW CLXG5dk8xc2dsHwUnehwDKvvBwzJyVI+4fFt8wsL4zJNuC2mLg+1cLI86lcW16o8xGrQ XBQrZ2IiMQWhSrgG1mqQVo70jhZIqgMdDQ/cDTHFvDsjHGxUwxoUiiiDjJtQf+pECSUa 78LQ== X-Gm-Message-State: APf1xPBRUu4s5A7/YDZmEt/vPd2TpeuMQsHDNLyQGphrBh8esXgKxnNc ewTEZC62wssc/YAlsxgbwgQHQQ== X-Google-Smtp-Source: AG47ELstTL97tAczCd9mPtRX0qUhXjJlObf3NDdTQNIDGUEd6mPyYFpsAC6Af2pxBZNhFT0Hdwj5pQ== X-Received: by 10.28.69.87 with SMTP id s84mr2632406wma.107.1519417096936; Fri, 23 Feb 2018 12:18:16 -0800 (PST) Received: from server.kirschstein.lan (p5B018091.dip0.t-ipconnect.de. [91.1.128.145]) by smtp.gmail.com with ESMTPSA id j42sm4826963wre.55.2018.02.23.12.18.15 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 23 Feb 2018 12:18:15 -0800 (PST) From: Stefan Hellermann To: netdev@vger.kernel.org, adobriyan@gmail.com, andriy.shevchenko@linux.intel.com, andrew@lunn.ch, linux@arm.linux.org.uk, jason@lakedaemon.net, dv@vollmann.ch, gregory.clement@free-electrons.com, linux-arm-kernel@lists.infradead.org Subject: [PATCH] net: Allow mac_pton() to work on non-NULL terminated strings Date: Fri, 23 Feb 2018 21:17:48 +0100 Message-Id: <20180223201748.14328-1-stefan@the2masters.de> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180223182006.GA2116@avx2> References: <20180223182006.GA2116@avx2> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20180223_121829_986447_C4D4D79E X-CRM114-Status: GOOD ( 16.52 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Stefan Hellermann , "\[ 4 . 4+ \]" MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP Commit 4904dbda41c8 ("ARM: orion5x: use mac_pton() helper") crashes my QNAP TS-209 NAS early on boot. The boot code for the TS-209 is looping through an ext2 filesystem on a 384kB mtd partition (factory configuration put there by QNAP). There it looks on every 1kB boundary if there is a valid MAC address. The filesystem has a 1kB block size, so this seems to work. On my device the MAC address is on the 37th 1kB block. But: On the 27th block is a large file (1,5kB) without 0 bytes inside. The code in qnap_tsx09_find_mac_addr() maps 1kB into memory (not a whole file or the whole 384kB) and then calls qnap_tsx09_check_mac_addr() -> mac_pton() -> strlen() on this memory block. as there is no 0 byte in the file on the 27th block, strlen() runs into bad memory and the machine panics. The old code had no strlen(). Actually mac_pton() doesn't need to call strlen(), the following loop catches short strings quite nicely. The strlen() seems to be an optimization for calls to mac_pton with empty string. But this is rarely the case and this is not a hot path. Remove it to reduce code size and speed up calls with an not empty string. Besides fixing the crash there is are other users interested in this change, see https://patchwork.ozlabs.org/patch/851008/ Fixes: 4904dbda41c8 ("ARM: orion5x: use mac_pton() helper") Signed-off-by: Stefan Hellermann Cc: [4.4+] Reviewed-by: Andrew Lunn Reviewed-by: Alexey Dobriyan Reviewed-by: Andy Shevchenko --- lib/net_utils.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/lib/net_utils.c b/lib/net_utils.c index af525353395d..9d38da67ee44 100644 --- a/lib/net_utils.c +++ b/lib/net_utils.c @@ -8,10 +8,6 @@ bool mac_pton(const char *s, u8 *mac) { int i; - /* XX:XX:XX:XX:XX:XX */ - if (strlen(s) < 3 * ETH_ALEN - 1) - return false; - /* Don't dirty result unless string is valid MAC. */ for (i = 0; i < ETH_ALEN; i++) { if (!isxdigit(s[i * 3]) || !isxdigit(s[i * 3 + 1]))