lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 14 Feb 2008 19:36:37 +0000
From:	Alan Cox <alan@...rguk.ukuu.org.uk>
To:	David Newall <davidn@...idnewall.com>
Cc:	Greg KH <greg@...ah.com>, linux-usb@...r.kernel.org,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: Handshaking on USB serial devices

> That's a very good point.  Even so: on the 2.4 driver, write_room isn't
> implemented (refer to a previous message by Alan); and in 2.6, a 1k
> buffer is built into the driver, with nothing to prevent it being sent
> when the hardware buffer fills.  These could be bugs in the two versions

Which isn't a bug if the hardware handles it internally as most does.

> of pl2303, if you like; in fact I suppose they are; but there's a wider
> problem: The same weakness can be found in aircable.c, airprime.c,
> cyberjack.c, cypress_m8.c (I think), empeg.c, ftdi_sio (I think),
> io_ti.c, and that's where I stop checking, and declare it's widespread.

Careful - a lot of hardware handles this properly itself, you simply
don't get the URB completing until its all done.

> now that you've mentioned it, I can't see that anything to stop the
> driver from overflowing the internal buffer, which is very perplexing. 
> Would that be right?  That seems a pretty dramatic weakness; how do you
> write a large report to a slow printer without losing data?

pl2303 implements write room in 2.6 (and 2.4 I don't care about at all)
so the driver appears entirely correct in respect of its internal buffer
management. Someone with docs will have to comment on whether it handles
flow control in firmware or needs pl2303_send to do further checks as you
propose.

Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ