Fix ure device driver susceptible to packet-in-packet attack.

Approved by: so Approved by: re (implicit for releng/12.2) Security: FreeBSD-SA-20:27.ure Security: CVE-2020-7464
author: Gordon Tetlow <gordon@FreeBSD.org> 2020-09-15 21:42:05 +0000
committer: Gordon Tetlow <gordon@FreeBSD.org> 2020-09-15 21:42:05 +0000
commit: 7dc935d29efdccf027d1cd85b59a613a1e1deaf5 (patch)
tree: 57054c50459cd76c31c0d94d224eb660208b03f7
parent: bc224160e9e7c2ad776ff1bfce7ab576fe2e8612 (diff)
download: src-test2-7dc935d29efdccf027d1cd85b59a613a1e1deaf5.tar.gz
src-test2-7dc935d29efdccf027d1cd85b59a613a1e1deaf5.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/dev/usb/net/if_ure.c b/sys/dev/usb/net/if_ure.c
index 9d7f47a576ee..0d4032e41864 100644
--- a/sys/dev/usb/net/if_ure.c
+++ b/sys/dev/usb/net/if_ure.c
@@ -710,7 +710,9 @@ ure_init(struct usb_ether *ue)
 	    ~URE_RXDY_GATED_EN);
 
 	/* Set Rx mode. */
-	rxmode = URE_RCR_APM;
+	rxmode = ure_read_4(sc, URE_PLA_RCR, URE_MCU_TYPE_PLA);
+	rxmode &= ~URE_RCR_ACPT_ALL;
+	rxmode |= URE_RCR_APM;
 
 	/* If we want promiscuous mode, set the allframes bit. */
 	if (ifp->if_flags & IFF_PROMISC)
author	Gordon Tetlow <gordon@FreeBSD.org>	2020-09-15 21:42:05 +0000
committer	Gordon Tetlow <gordon@FreeBSD.org>	2020-09-15 21:42:05 +0000
commit	7dc935d29efdccf027d1cd85b59a613a1e1deaf5 (patch)
tree	57054c50459cd76c31c0d94d224eb660208b03f7
parent	bc224160e9e7c2ad776ff1bfce7ab576fe2e8612 (diff)
download	src-test2-7dc935d29efdccf027d1cd85b59a613a1e1deaf5.tar.gz src-test2-7dc935d29efdccf027d1cd85b59a613a1e1deaf5.zip