Bug 140616 - RHEL3 PATCH dev.c: clear SIOCGIFHWADDR buffer if !dev->addr_len
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kernel
Version: 3.0
Hardware: All Linux
Target Milestone: ---
Assignee: David Miller
QA Contact: Brian Brock
Reported: 2004-11-23 20:51 UTC by jordan hargrave
Modified: 2007-11-30 22:07 UTC (History)

Fixed In Version: RHEL3 U5 beta
Doc Type: Bug Fix
Last Closed: 2005-05-18 13:28:41 UTC

Attachments
Patch for /net/core/dev.c (644 bytes, patch)
2004-11-23 21:35 UTC, jordan hargrave

External Trackers
Tracker | ID | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2005:294 | normal | SHIPPED_LIVE | Moderate: Updated kernel packages available for Red Hat Enterprise Linux 3 Update 5 | 2005-05-18 04:00:00 UTC

Description jordan hargrave 2004-11-23 20:51:04 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)

Description of problem:
Issuing a SIOCGIFHWADDR on a ppp connection does not clear the
address buffer, causing garbage data to be reported as the HWADDR.

If dev->dev_addr is zero, then the memcpy() never takes place, and the
same data that was in the caller's buffer is still in the caller's
buffer on successful return.  The caller can't know that the data in
its buffer isn't the right answer.  So, if dev->dev_addr == 0,
clear the buffer before returning success.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Install RHEL3 kernel
2. Create ppp connection
3. Initialize mac addr field with random data, issue SIOCGIFHWADDR on
   ppp interface. HWADDR field is not updated

Actual Results:  Garbage data appears in the HWADDR field

Expected Results:  Field should be zeroed out

Additional info:

Comment 1 jordan hargrave 2004-11-23 21:35:38 UTC
Created attachment 107344
Patch for /net/core/dev.c

Comment 2 David Miller 2004-11-23 23:55:42 UTC
Patch not needed, the problem only exists in 2.6.x kernels.
In 2.4.x, we always perform the memcpy with a length of
MAX_ADDR_LEN from dev->dev_addr which will be all zeros
for devices with zero dev->addr_len.

Comment 3 Matt Domsch 2004-11-24 13:48:00 UTC
DaveM, that's true for upstream, but not for RHEL3 kernels.  Here's
what 2.4.21-26.EL has, must have been backported from 2.6 at some point.

                case SIOCGIFHWADDR:
                        memcpy(ifr->ifr_hwaddr.sa_data, dev->dev_addr,
                               min(sizeof ifr->ifr_hwaddr.sa_data,
                                   (size_t) dev->addr_len));
                        return 0;
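
The effect of the code path quoted in comment 3, next to the behaviour the bug title asks for, as an added user-space C model (not part of the original thread, not the kernel source and not the attached patch). `model_dev`, `model_ifr`, `stale_bytes` and the two sample devices are hypothetical names constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SA_DATA_LEN 14  /* size of sockaddr.sa_data on Linux */
/* Hypothetical stand-ins for the kernel's net_device and the caller's ifreq. */
struct model_dev { unsigned char dev_addr[8]; unsigned char addr_len; };
struct model_ifr { unsigned char sa_data[SA_DATA_LEN]; };
typedef int (*handler_fn)(const struct model_dev *, struct model_ifr *);

/* Constructed sample devices: ppp has no hardware address, eth has a 6-byte MAC. */
static const struct model_dev model_ppp = { {0}, 0 };
static const struct model_dev model_eth = { {0x02, 0, 0, 0, 0, 0x01}, 6 };

/* Shape quoted in comment 3: the copy length is bounded by addr_len, so a
 * device with addr_len == 0 (such as ppp) copies nothing yet returns 0. */
int get_hwaddr_unfixed(const struct model_dev *dev, struct model_ifr *ifr)
{
    size_t n = dev->addr_len;
    if (n > sizeof ifr->sa_data) n = sizeof ifr->sa_data;
    memcpy(ifr->sa_data, dev->dev_addr, n);
    return 0;
}

/* What the bug title asks for: clear the buffer if !dev->addr_len. */
int get_hwaddr_fixed(const struct model_dev *dev, struct model_ifr *ifr)
{
    if (dev->addr_len)
        return get_hwaddr_unfixed(dev, ifr);
    memset(ifr->sa_data, 0, sizeof ifr->sa_data);
    return 0;
}

/* Count bytes of the caller's own fill pattern still present after the call. */
int stale_bytes(handler_fn handler, const struct model_dev *dev, unsigned char fill)
{
    struct model_ifr ifr;
    int i, n = 0;
    memset(ifr.sa_data, fill, sizeof ifr.sa_data); /* constructed "garbage" */
    handler(dev, &ifr);
    for (i = 0; i < SA_DATA_LEN; i++)
        n += (ifr.sa_data[i] == fill);
    return n;
}

int main(void)
{
    printf("ppp: unfixed=%d fixed=%d stale bytes\n",
           stale_bytes(get_hwaddr_unfixed, &model_ppp, 0xAA),
           stale_bytes(get_hwaddr_fixed, &model_ppp, 0xAA));
    printf("eth: fixed=%d stale bytes\n", stale_bytes(get_hwaddr_fixed, &model_eth, 0xAA));
    return 0;
}
```

In this model the bytes past `addr_len` keep the caller's contents in both variants, so a caller that zeroes its buffer before the call sees zeros for ppp either way.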

Comment 4 David Miller 2004-11-24 23:02:08 UTC
My bad, you're of course right.
I'll submit this patch for inclusion.

Comment 5 John W. Linville 2004-11-29 14:37:20 UTC
*** Bug 140585 has been marked as a duplicate of this bug. ***

Comment 6 Matt Domsch 2004-12-08 19:26:37 UTC
As this isn't in 2.4.21-27.EL (U4 release candidate) kernel, can we
expect to see this in U5?

Comment 7 Ernie Petrides 2004-12-08 20:55:23 UTC
The patch in comment #1 is on target for inclusion in U5.  I'll
update this bug report when the fix has been committed to CVS.

Comment 8 Ernie Petrides 2004-12-23 23:14:45 UTC
A fix for this problem has just been committed to the RHEL3 U5
patch pool this evening (in kernel version 2.4.21-27.5.EL).

Comment 9 jordan hargrave 2005-03-29 22:58:14 UTC
This is fixed in U5 Beta1

Comment 10 Ernie Petrides 2005-04-07 19:37:10 UTC
Thanks for the verification, Jordan.  I'm reverting the state of this BZ
to MODIFIED until U5 is actually released.  When that happens, the state
will be automatically changed to CLOSED/ERRATA.

Comment 11 Tim Powers 2005-05-18 13:28:41 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

