On 25 Mar 2003, Benjamin Herrenschmidt wrote:
> This code in cdc-ether.c, CDCEther_start_xmit()
> 2.5.x current but 2.4 seem wrong too:
>
> // If we are told to transmit an ethernet frame that fits EXACTLY
> // into an integer number of USB packets, we force it to send one
> // more byte so the device will get a runt USB packet signalling the
> // end of the ethernet frame
> if ( (skb->len) ^ (ether_dev->data_ep_out_size) ) {
> // It was not an exact multiple
> // no need to add anything extra
> count = skb->len;
> } else {
> // Add one to make it NOT an exact multiple
> count = skb->len + 1;
> }
>
> Shoudn't it be skb->len % ether_dev->data_ep_out_size instead ?
>
> Ben.
Without knowing anything about the cdc-ether driver, I would still like to
add a couple of comments about this code. First, setting count = skb->len
+ 1 implies transmitting a random byte of memory, thereby leaking
potentially sensitive information. The byte in question should be set to
0 before it is transmitted. Second, if this is a matter of sending a runt
USB packet, why not make it a 0-length packet instead of a 1-byte packet?
Alan Stern
-------------------------------------------------------
This SF.net email is sponsored by:
The Definitive IT and Networking Event. Be There!
NetWorld+Interop Las Vegas 2003 -- Register today!
http://ads.sourceforge.net/cgi-bin/redirect.pl?keyn0001en
_______________________________________________
[EMAIL PROTECTED]
To unsubscribe, use the last form field at:
https://lists.sourceforge.net/lists/listinfo/linux-usb-devel
