From owner-freebsd-net  Sun Oct 18 13:35:41 1998
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id NAA05375
          for freebsd-net-outgoing; Sun, 18 Oct 1998 13:35:41 -0700 (PDT)
          (envelope-from owner-freebsd-net@FreeBSD.ORG)
Received: from whistle.com (s205m131.whistle.com [207.76.205.131])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA05369
          for <net@FreeBSD.ORG>; Sun, 18 Oct 1998 13:35:38 -0700 (PDT)
          (envelope-from archie@whistle.com)
Received: (from smap@localhost) by whistle.com (8.7.5/8.6.12) id NAA15875; Sun, 18 Oct 1998 13:35:08 -0700 (PDT)
Received: from bubba.whistle.com(207.76.205.7) by whistle.com via smap (V1.3)
	id sma015870; Sun Oct 18 13:34:48 1998
Received: (from archie@localhost) by bubba.whistle.com (8.8.7/8.6.12) id NAA09621; Sun, 18 Oct 1998 13:34:48 -0700 (PDT)
From: Archie Cobbs <archie@whistle.com>
Message-Id: <199810182034.NAA09621@bubba.whistle.com>
Subject: Re: (minor, possibly irrelevant) security problem ?
In-Reply-To: <199810180614.HAA03365@labinfo.iet.unipi.it> from Luigi Rizzo at "Oct 18, 98 07:14:02 am"
To: luigi@labinfo.iet.unipi.it (Luigi Rizzo)
Date: Sun, 18 Oct 1998 13:34:48 -0700 (PDT)
Cc: net@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL38 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Luigi Rizzo writes:
> probably not very important at all, but if i am not mistaken,
> looking at the "ed" sources, i noticed that for short (< 60 bytes)
> packets, the driver does not bother to fill the remaining part of
> the packet with 0's but instead just bumps up the length. This
> potentially sends out bytes from previous packets to a destination
> that is not the intended one.
> 
> Is this something to worry about fixing (and possibly investigate other
> drivers if they do the same) ?

I'd say it's not a big deal but yes, technically is a security hole.
Probably you'd get a debate from the optimization camp, but I'd say
it should be fixed to zero out those bytes.

-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message