* [RFC PATCH] asix: drop rx skb if header length is invalid
@ 2011-06-28 21:21 maksim.rayskiy
0 siblings, 0 replies; only message in thread
From: maksim.rayskiy @ 2011-06-28 21:21 UTC (permalink / raw)
To: netdev; +Cc: Maksim Rayskiy
From: Maksim Rayskiy <mrayskiy@broadcom.com>
Signed-off-by: Maksim Rayskiy <mrayskiy@broadcom.com>
---
I am using AX88772 usbnet dongle, and sometimes after system resume I am seeing
corrupt rx packets which generate infinite number of
asix_rx_fixup() Bad Header Length
messages.
Looking at asix_rx_fixup() I see that depending on what junk you get in skb you
may end up with never breaking the while loop. Would not it be safer to bail out
as soon as incorrect header length was detected?
drivers/net/usb/asix.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/drivers/net/usb/asix.c b/drivers/net/usb/asix.c
index 6998aa6..9d7a6ec 100644
--- a/drivers/net/usb/asix.c
+++ b/drivers/net/usb/asix.c
@@ -317,6 +317,7 @@ static int asix_rx_fixup(struct usbnet *dev, struct sk_buff *skb)
if ((short)(header & 0x0000ffff) !=
~((short)((header & 0xffff0000) >> 16))) {
netdev_err(dev->net, "asix_rx_fixup() Bad Header Length\n");
+ return 0;
}
/* get the packet length */
size = (u16) (header & 0x0000ffff);
--
1.7.4.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2011-06-28 21:21 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-06-28 21:21 [RFC PATCH] asix: drop rx skb if header length is invalid maksim.rayskiy
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).