aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGordon Tetlow <gordon@FreeBSD.org>2020-09-15 21:42:05 +0000
committerGordon Tetlow <gordon@FreeBSD.org>2020-09-15 21:42:05 +0000
commitf5dd94b4c4b3158e7520eb1a320b8fee3fffb09a (patch)
treef0e5bcc376f13daf11f998330eb79b6d9caf8bd2
parent8768c95036953ee92f79f95e70a0cbb102ebc7de (diff)
Fix ure device driver susceptible to packet-in-packet attack.
Approved by: so Approved by: re (implicit for releng/12.2) Security: FreeBSD-SA-20:27.ure Security: CVE-2020-7464
Notes
Notes: svn path=/releng/11.3/; revision=365778
Diffstat
-rw-r--r--sys/dev/usb/net/if_ure.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/dev/usb/net/if_ure.c b/sys/dev/usb/net/if_ure.c
index 9d7f47a576ee..0d4032e41864 100644
--- a/sys/dev/usb/net/if_ure.c
+++ b/sys/dev/usb/net/if_ure.c
@@ -710,7 +710,9 @@ ure_init(struct usb_ether *ue)
~URE_RXDY_GATED_EN);
/* Set Rx mode. */
- rxmode = URE_RCR_APM;
+ rxmode = ure_read_4(sc, URE_PLA_RCR, URE_MCU_TYPE_PLA);
+ rxmode &= ~URE_RCR_ACPT_ALL;
+ rxmode |= URE_RCR_APM;
/* If we want promiscuous mode, set the allframes bit. */
if (ifp->if_flags & IFF_PROMISC)
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-08 02:31:22 +0000