lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20110922121031.639006d0@horus>
Date:	Thu, 22 Sep 2011 12:10:31 +0200
From:	Matthias Dellweg <2500@....de>
To:	Greg Kroah-Hartman <gregkh@...e.de>,
	Vasiliy Kulikov <segooon@...il.com>,
	Michal Sojka <sojkam1@....cvut.cz>,
	Arnd Bergmann <arnd@...db.de>, linux-usb@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: [PATCH] enable usb control message with class specific request

Hi!
Usb devio assumes that the wIndex in every control message apart from
those flagged as USB_TYPE_VENDOR holds the number of the Interface
being addressed. This is for example not true for the class specific
request GET_DEVICE_ID in the printer class:

"The high-byte of the wIndex field is used to specify the zero-based
interface index. The low-byte of the wIndex field is used to specify
the zero-based alternate setting." [1]

In this special case it misinterpretes the alternate setting 1 for the
interface and tries to claim a nonexisting one. Therefor you won't get
the printers name.

The patch below is a minimal approach to fix this. Maybe it should be
extended to USB_TYPE_RESERVED. Maybe there should be an extended test
that knows something about specific classes.

What do you think?
regards Matthias

[1] http://www.usb.org/developers/devclass_docs/usbprint11.pdf



>From 724e3b5e8782a584a95d05bb2f44e59743ed3a72 Mon Sep 17 00:00:00 2001
From: Matthias Dellweg <2500@....de>
Date: Wed, 21 Sep 2011 21:28:18 +0200
Subject: [PATCH] drivers/usb/core/devio.c: Relax test in check_ctrlrecip

The generic test for the interface is not valid when the request type is
class specific.

Signed-off-by: Matthias Dellweg <2500@....de>
---
 drivers/usb/core/devio.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
index 37518df..4e78768 100644
--- a/drivers/usb/core/devio.c
+++ b/drivers/usb/core/devio.c
@@ -615,7 +615,8 @@ static int check_ctrlrecip(struct dev_state *ps, unsigned int requesttype,
         && ps->dev->state != USB_STATE_ADDRESS
         && ps->dev->state != USB_STATE_CONFIGURED)
                return -EHOSTUNREACH;
-       if (USB_TYPE_VENDOR == (USB_TYPE_MASK & requesttype))
+       if ((USB_TYPE_VENDOR == (USB_TYPE_MASK & requesttype))
+        || (USB_TYPE_CLASS == (USB_TYPE_MASK & requesttype)))
                return 0;
 
        index &= 0xff;
-- 
1.7.6.3

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ