Re: KMSAN: uninit-value in cdc_ncm_set_dgram_size

[Oliver Neukum]

Am Dienstag, den 05.11.2019, 13:25 +0100 schrieb BjÃrn Mork:
> Oliver Neukum <oneukum@xxxxxxxx> writes:
> > Am Montag, den 04.11.2019, 22:22 +0100 schrieb BjÃrn Mork:

> Ah, OK. So that could be fixed with e.g.
> 
>   if (err < 2)
>        goto out;
> 
> 
> Or would it be better to add a strict length checking variant of this
> API?  There are probably lots of similar cases where we expect a

We would lose flexibilty and the check needs to be there anyway.

> Right.  And probably all 16 or 32 bit integer reads...
> 
> Looking at the NCM spec, I see that the wording is annoyingly flexible
> wrt length - both ways.  E.g for GetNetAddress:
> 
>   To get the entire network address, the host should set wLength to at
>   least 6. The function shall never return more than 6 bytes in response
>   to this command.
> 
> Maybe the correct fix is simply to let usbnet_read_cmd() initialize the
> full buffer regardless of what the device returns?  I.e.

This issue has never been observed in the wild. We are defending
against a possible attack. It is better to react drastically.

> at do you think?
> 
> Personally, I don't think it makes sense for a device to return a 1-byte
> mtu or 3-byte mac address. But the spec allows it and this would at
> least make it safe.

Hence we should ignore such a reply. The support is optional anyway.
For usbnet as such, however, we cannot really hardcode the size of
a MAC.

	Regards
		Oliver