commit d21a7713464c7d35b2cce1fe7f7d87928d6a047e

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

MIPS: BCM63XX: Properly handle mac address octet overflow

While calculating the mac address the pointer for the current octet was
never reset back to the least significant one after being decremented
because of an octet overflow. This resulted in the code continuing to
increment at the current octet, potentially generating duplicate or
invalid mac addresses.

As a second issue the pointer was allowed to advance up to the most
significant octet, modifying the OUI, and potentially changing the type
of mac address.

Rewrite the code so it resets the pointer to the least significant
in each outer loop step, and bails out when the least significant octet
of the OUI is reached.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Cc: linux-mips@linux-mips.org
Cc: Maxime Bizon <mbizon@freebox.fr>
Cc: Florian Fainelli <florian@openwrt.org>
Cc: Sergei Shtylyov <sshtylyov@mvista.com>
Patchwork: https://patchwork.linux-mips.org/patch/4348/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>

authored by

Jonas Gorski and committed by

Ralf Baechle 13 years ago d21a7713 0b3e06fd

+9 -7

1 changed file

expand all

unified split

arch

mips

bcm63xx

boards

board_bcm963xx.c

+9 -7

arch/mips/bcm63xx/boards/board_bcm963xx.c

··· 720 720 */ 721 721 static int board_get_mac_address(u8 *mac) 722 722 { 723 - u8 *p; 723 + u8 *oui; 724 724 int count; 725 725 726 726 if (mac_addr_used >= nvram.mac_addr_count) { ··· 729 729 } 730 730 731 731 memcpy(mac, nvram.mac_addr_base, ETH_ALEN); 732 - p = mac + ETH_ALEN - 1; 732 + oui = mac + ETH_ALEN/2 - 1; 733 733 count = mac_addr_used; 734 734 735 735 while (count--) { 736 + u8 *p = mac + ETH_ALEN - 1; 737 + 736 738 do { 737 739 (*p)++; 738 740 if (*p != 0) 739 741 break; 740 742 p--; 741 - } while (p != mac); 742 - } 743 + } while (p != oui); 743 744 744 - if (p == mac) { 745 - printk(KERN_ERR PFX "unable to fetch mac address\n"); 746 - return -ENODEV; 745 + if (p == oui) { 746 + printk(KERN_ERR PFX "unable to fetch mac address\n"); 747 + return -ENODEV; 748 + } 747 749 } 748 750 749 751 mac_addr_used++;