linux-mips
[Top] [All Lists]

Re: [PATCH] MIPS: BCM63XX: properly handle mac address octet overflow

To: Jonas Gorski <jonas.gorski@gmail.com>
Subject: Re: [PATCH] MIPS: BCM63XX: properly handle mac address octet overflow
From: Sergei Shtylyov <sshtylyov@mvista.com>
Date: Tue, 18 Sep 2012 15:51:53 +0400
Cc: Ralf Baechle <ralf@linux-mips.org>, linux-mips@linux-mips.org, Maxime Bizon <mbizon@freebox.fr>, Florian Fainelli <florian@openwrt.org>
In-reply-to: <1347960728-5884-1-git-send-email-jonas.gorski@gmail.com>
List-archive: <http://www.linux-mips.org/archives/linux-mips/>
List-help: <mailto:ecartis@linux-mips.org?Subject=help>
List-id: linux-mips <linux-mips.eddie.linux-mips.org>
List-owner: <mailto:ralf@linux-mips.org>
List-post: <mailto:linux-mips@linux-mips.org>
List-software: Ecartis version 1.0.0
List-subscribe: <mailto:ecartis@linux-mips.org?subject=subscribe%20linux-mips>
List-unsubscribe: <mailto:ecartis@linux-mips.org?subject=unsubscribe%20linux-mips>
References: <1347960728-5884-1-git-send-email-jonas.gorski@gmail.com>
Sender: linux-mips-bounce@linux-mips.org
User-agent: Mozilla/5.0 (Windows NT 5.1; rv:15.0) Gecko/20120907 Thunderbird/15.0.1
Hello.

On 18-09-2012 13:32, Jonas Gorski wrote:

While calculating the mac address the pointer for the current octet was
never reset back to the least significant one after being decremented
because of an octet overflow. This resulted in the code continuing to
increment at the current octet, potentially generating duplicate or
invalid mac addresses.

As a second issue the pointer was allowed to advance up to the most
significant octet, modifying the OUI, and potentially changing the type
of mac address.

Rewrite the code so it resets the pointer to the least significant
in each outer loop step, and bails out when the least significant octet
of the OUI is reached.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
---
  arch/mips/bcm63xx/boards/board_bcm963xx.c |   16 +++++++++-------
  1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/arch/mips/bcm63xx/boards/board_bcm963xx.c 
b/arch/mips/bcm63xx/boards/board_bcm963xx.c
index ea4ea77..f0fcec6 100644
--- a/arch/mips/bcm63xx/boards/board_bcm963xx.c
+++ b/arch/mips/bcm63xx/boards/board_bcm963xx.c
@@ -720,7 +720,7 @@ const char *board_get_name(void)
   */
  static int board_get_mac_address(u8 *mac)
  {
-       u8 *p;
+       u8 *oui;
        int count;

        if (mac_addr_used >= nvram.mac_addr_count) {
@@ -729,21 +729,23 @@ static int board_get_mac_address(u8 *mac)
        }

        memcpy(mac, nvram.mac_addr_base, ETH_ALEN);
-       p = mac + ETH_ALEN - 1;
+       oui = mac + ETH_ALEN/2 - 1;
        count = mac_addr_used;

        while (count--) {
+               p = mac + ETH_ALEN - 1;

   But didn't you remove 'p' above? Did you compile this?

WBR, Sergei


<Prev in Thread] Current Thread [Next in Thread>