[Linux-kernel-mentees] [PATCH] net: usb: rtl8150: prevent set_ethernet_addr from setting uninit address
anant.thazhemadam at gmail.com
Tue Sep 29 08:46:39 UTC 2020
A sample crash report can be found here.
The line where the bug seems to get triggered is,
Looks like it goes through the list of ethernet interfaces, and
compares it with the address of the new device; which can
end up going uninitialized too.
The address should have been set by set_ethernet_addr:
static inline void set_ethernet_addr(rtl8150_t * dev)
{
	u8 node_id[6];
	get_registers(dev, IDR, sizeof(node_id), node_id);	/* return value ignored */
	memcpy(dev->netdev->dev_addr, node_id, sizeof(node_id));
}
However, when get_registers() fails (when ret <= 0 or ret > size),
no memory is copied back into node_id, which remains uninitialized.
The address is then set to be this uninitialized node_id value.
Checking for the return value of get_registers() in set_ethernet_addr()
and further checking the value of set_ethernet_addr() wherever it has
been invoked, and handling the condition wherein get_registers() fails
appropriately helps solve this issue.
Thank you for your time.
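
The return-value check described in the message above, as an added userspace example that is not part of the original e-mail or the rtl8150 driver. `struct fake_dev`, the `usb_fails` flag, the simplified `get_registers()` signature and the sample address are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define ETH_ALEN 6

/* Hypothetical stand-in for the driver's device state. */
struct fake_dev {
	int usb_fails;                     /* simulate a failed register read */
	unsigned char dev_addr[ETH_ALEN];
};

/* Model of get_registers(): on failure it returns an error and leaves the
 * caller's buffer untouched, which is the condition the message describes. */
static int get_registers(struct fake_dev *dev, size_t size, void *data)
{
	/* Constructed sample address, not a real device's. */
	static const unsigned char hw[ETH_ALEN] = {0x02, 0x00, 0x00, 0xaa, 0xbb, 0xcc};

	if (dev->usb_fails)
		return -EIO;
	if (size > sizeof(hw))
		return -EINVAL;
	memcpy(data, hw, size);
	return (int)size;
}

/* Checked variant: copy the address only when the whole read succeeded,
 * and report the failure so the caller can handle it. */
static int set_ethernet_addr_checked(struct fake_dev *dev)
{
	unsigned char node_id[ETH_ALEN];
	int ret = get_registers(dev, sizeof(node_id), node_id);

	if (ret != (int)sizeof(node_id))
		return ret < 0 ? ret : -EIO;   /* node_id is never read here */
	memcpy(dev->dev_addr, node_id, sizeof(node_id));
	return 0;
}

int main(void)
{
	struct fake_dev good = { .usb_fails = 0 }, bad = { .usb_fails = 1 };

	printf("read ok:     %d\n", set_ethernet_addr_checked(&good));
	printf("read failed: %d\n", set_ethernet_addr_checked(&bad));
	return 0;
}
```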