device. Here's a patch that throws away such packet, to keep the machine
from crashing. Hopefully this doesn't leave memory unreleased. If it does, it's still better than crashing as such oversized packets are really rare.
Signed-off-by: Jarkko Hakala <[EMAIL PROTECTED]>
diff -Nur linux-2.6.12-rc1-orig/drivers/usb/net/usbnet.c linux-2.6.12-rc1/drivers/usb/net/usbnet.c
--- linux-2.6.12-rc1-orig/drivers/usb/net/usbnet.c 2005-03-18 03:34:13.000000000 +0200
+++ linux-2.6.12-rc1/drivers/usb/net/usbnet.c 2005-03-24 16:46:08.000000000 +0200
@@ -2795,9 +2795,20 @@
struct usbnet *dev = entry->dev;
int urb_status = urb->status;
- skb_put (skb, urb->actual_length);
- entry->state = rx_done;
- entry->urb = NULL;
+ if (unlikely((skb->tail + urb->actual_length) > skb->end)) {
+ entry->state = rx_cleanup;
+ dev->stats.rx_errors++;
+ dev->stats.rx_length_errors++;
+ entry->urb = NULL;
+ printk(KERN_ERR
+ "USB RX packet too long, discarded. "
+ "Your slave device most likely is broken\n");
+ /* lets hope upper level protocols will recover */
+ } else {
+ skb_put(skb, urb->actual_length);
+ entry->state = rx_done;
+ entry->urb = NULL;
+ } switch (urb_status) {
// success- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
