aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGordon Tetlow <gordon@FreeBSD.org>2020-09-15 21:42:05 +0000
committerGordon Tetlow <gordon@FreeBSD.org>2020-09-15 21:42:05 +0000
commit7dc935d29efdccf027d1cd85b59a613a1e1deaf5 (patch)
tree57054c50459cd76c31c0d94d224eb660208b03f7
parentbc224160e9e7c2ad776ff1bfce7ab576fe2e8612 (diff)
downloadsrc-7dc935d29efdccf027d1cd85b59a613a1e1deaf5.tar.gz
src-7dc935d29efdccf027d1cd85b59a613a1e1deaf5.zip
Fix ure device driver susceptible to packet-in-packet attack.
Approved by: so Approved by: re (implicit for releng/12.2) Security: FreeBSD-SA-20:27.ure Security: CVE-2020-7464
Notes
Notes: svn path=/releng/11.4/; revision=365778
-rw-r--r--sys/dev/usb/net/if_ure.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/dev/usb/net/if_ure.c b/sys/dev/usb/net/if_ure.c
index 9d7f47a576ee..0d4032e41864 100644
--- a/sys/dev/usb/net/if_ure.c
+++ b/sys/dev/usb/net/if_ure.c
@@ -710,7 +710,9 @@ ure_init(struct usb_ether *ue)
~URE_RXDY_GATED_EN);
/* Set Rx mode. */
- rxmode = URE_RCR_APM;
+ rxmode = ure_read_4(sc, URE_PLA_RCR, URE_MCU_TYPE_PLA);
+ rxmode &= ~URE_RCR_ACPT_ALL;
+ rxmode |= URE_RCR_APM;
/* If we want promiscuous mode, set the allframes bit. */
if (ifp->if_flags & IFF_PROMISC)