From: Jean Tourrilhes <jt-sDzT885Ts8HQT0dZR+AlfA@public.gmane.org>
To: Pavel Roskin <proski-mXXj517/zsQ@public.gmane.org>,
Orinoco Devel
<orinoco-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org>,
netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCH SECURITY]: orinoco: Information leakage due to incorrect
Date: Thu, 6 Oct 2005 09:33:44 -0700 [thread overview]
Message-ID: <20051006163344.GA19738@bougret.hpl.hp.com> (raw)
Pavel Roskin wrote :
>
> orinoco: Information leakage due to incorrect padding
>
> The orinoco driver can send uninitialized data exposing random pieces of
> the system memory. This happens because data is not padded with zeroes
> when its length needs to be increased.
I believe the 802.11 doesn't specify and doesn't require
padding, therefore in theory, none of the 802.11 drivers need to do
padding.
Padding is specific to the way the original Ethernet protocol
detect collisions over the wire, it require a minimum message length
due to the propagation and reflection time of the packet. Propagation
time is way faster over the air and we can't detect collisions anyway,
therefore it doesn't make sense to implement padding. It's just
unnecessary overhead.
Now, I'm not 100% certain that all firmware and TCP/IP stack
would be happy with that, but it's worth a try at some point.
Have fun...
Jean
-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
reply other threads:[~2005-10-06 16:33 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20051006163344.GA19738@bougret.hpl.hp.com \
--to=jt-sdzt885ts8hqt0dzr+alfa@public.gmane.org \
--cc=netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=orinoco-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org \
--cc=proski-mXXj517/zsQ@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).