From: Nick Thompson <nick.thompson@ge.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] Bug in netconsole?
Date: Wed, 14 Nov 2012 09:59:29 +0000
Message-ID: <50A36B81.1090100@ge.com>

I think there might be a bug in this commit:

http://git.denx.de/cgi-bin/gitweb.cgi?p=u-boot.git;a=commitdiff;h=2c8fe5120f8da013cbd789be2f10cce880972836

The commit makes "the netconsole buffer size configurable". It adds CONFIG_NETCONSOLE_BUFFER_SIZE and maintains the original 512 default value used to define the length of input_buffer[]. nc_input_packet uses sizeof this to read packet data into input_buffer[]. This appears fine.

The commit also adds the following in the output chain:

@@ -214,7 +218,7 @@ static void nc_puts(const char *s)
 
        len = strlen(s);
        while (len) {
-               int send_len = min(len, 512);
+               int send_len = min(len, sizeof(input_buffer));
                nc_send_packet(s, send_len);
                len -= send_len;
                s += send_len;
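
Review bot: the new bound on the `+` line, `sizeof(input_buffer)`, is the size of the receive-side array, and nothing in this hunk ties it to the capacity of the buffer that `nc_send_packet(s, send_len)` fills, so a larger CONFIG_NETCONSOLE_BUFFER_SIZE raises the transmit chunk size with no check against the destination. Suggest bounding `send_len` by the transmit payload capacity (or the smaller of the two sizes) and documenting that limit next to the config option. Also note that `min(len, sizeof(input_buffer))` now has a `size_t` operand while the result is stored in `int send_len`; an explicit type for the comparison would be cleaner.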

I can't see how this code relates to the sizeof input_buffer. The nc_puts data is written directly into NetTxPacket (plus header offsets) which is set to 1536 + alignment bytes long. If input_buffer is bigger than this, a buffer overflow will occur. Obviously the default value of 512 will not trigger the problem. The 512 magic number possibly ought to be derived from PKTSIZE_ALIGN (net.h), but I don't think sizeof(input_buffer) is appropriate here.

Regards,
Nick.
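
The bound discussed in the message above, modelled as an added example (not U-Boot code and not part of the original message): chunking by the input buffer size fails once that size exceeds the transmit payload capacity, while clamping to the destination does not. The function names, the 42-byte header offset and the 4096-byte input buffer size are assumptions made for illustration; only the 1536-byte transmit buffer size comes from the message.

```c
/* Model only: names and HDR_LEN are assumptions, not U-Boot's definitions. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TX_BUF_SIZE    1536u  /* transmit buffer size quoted in the message */
#define HDR_LEN          42u  /* assumed header offset (constructed value) */
#define TX_PAYLOAD_MAX (TX_BUF_SIZE - HDR_LEN)

static unsigned char tx_buf[TX_BUF_SIZE];

/* Copy one payload behind the header; refuse anything that would overrun. */
static int model_send_packet(const char *buf, size_t len)
{
	if (len > TX_PAYLOAD_MAX)
		return -1;
	memcpy(tx_buf + HDR_LEN, buf, len);
	return 0;
}

/* The chunk size is bounded by the destination, whatever the input buffer size. */
static size_t safe_chunk_limit(size_t input_buffer_size)
{
	return input_buffer_size < TX_PAYLOAD_MAX ? input_buffer_size : TX_PAYLOAD_MAX;
}

/* Send len bytes in chunks; returns packets sent, or -1 if a chunk was rejected. */
static int model_puts(const char *s, size_t len, size_t chunk_limit)
{
	int packets = 0;
	while (len) {
		size_t send_len = len < chunk_limit ? len : chunk_limit;
		if (send_len == 0 || model_send_packet(s, send_len) != 0)
			return -1;
		len -= send_len;
		s += send_len;
		packets++;
	}
	return packets;
}

int main(void)
{
	static char msg[4000];  /* constructed sample output string */
	memset(msg, 'A', sizeof(msg));
	printf("limit = input buffer size (4096): %d\n", model_puts(msg, sizeof(msg), 4096));
	printf("limit clamped to payload max:     %d\n", model_puts(msg, sizeof(msg), safe_chunk_limit(4096)));
	return 0;
}
```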
