[ofw] [Patch][ipoib][ipoib_NDIS6_CM] Fixing a bug when OID_GEN_NETWORK_LAYER_ADDRESSES contains bad data

Fab Tillier ftillier at microsoft.com
Wed Aug 25 09:25:48 PDT 2010


What are the repro steps for this?

Thanks,
-Fab

Alex Naslednikov wrote on Tue, 24 Aug 2010 at 23:06:15

> Yes, we got to the same decision - the NETWORK_ADDRESS array contained 5
> 6-bytes chunks instead of 5 14-bytes chunks. But anyway, this bug at
> NDIS caused BSOD at ipoib (because of memory violation)
> 
> -----Original Message-----
> From: Hefty, Sean [mailto:sean.hefty at intel.com]
> Sent: Monday, August 23, 2010 7:16 PM
> To: Alex Naslednikov; ofw at lists.openfabrics.org
> Subject: RE: [ofw] [Patch][ipoib][ipoib_NDIS6_CM] Fixing a bug when
> OID_GEN_NETWORK_LAYER_ADDRESSES contains bad data
> 
>> Fixing the bug when NDIS sends OID_GEN_NETWORK_LAYER_ADDRESSES with
>> the list of new addresses with invalid formatting (happened when
>> AddressCount
>> =5)
>> 
>> NDIS sends NETWORK_ADDRESS_LIST structure, which contains an array of
>> NETWORK_ADDRESS structures of variable size.
>> The calculation of the next address offset is based on AddressLength;
>> in a case when this field contains wrong data, one can get access
>> violation error
> 
> This sounds like a bug in NDIS
> 
> _______________________________________________
> ofw mailing list
> ofw at lists.openfabrics.org
> http://lists.openfabrics.org/cgi-bin/mailman/listinfo/ofw



More information about the ofw mailing list