lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 4 Mar 2014 10:06:20 -0600
From:	Felipe Balbi <balbi@...com>
To:	Sergei Shtylyov <sergei.shtylyov@...entembedded.com>
CC:	Chuansheng Liu <chuansheng.liu@...el.com>, <balbi@...com>,
	<gregkh@...uxfoundation.org>, <linux-usb@...r.kernel.org>,
	<linux-kernel@...r.kernel.org>, <mina86@...a86.com>,
	<david.a.cohen@...ux.intel.com>
Subject: Re: [PATCH v2] usb: gadget: return the right length in
 ffs_epfile_io()

On Tue, Mar 04, 2014 at 08:01:15PM +0300, Sergei Shtylyov wrote:
> Hello.
> 
> On 03/04/2014 10:34 AM, Chuansheng Liu wrote:
> 
> >When the request length is aligned to maxpacketsize, sometimes
> >the return length ret > the user space requested len.
> 
> >At that time, we will use min_t(size_t, ret, len) to limit the
> >size in case of user data buffer overflow.
> 
> >But we need return the min_t(size_t, ret, len) to tell the user
> >space rightly also.
> 
> >Acked-by: Michal Nazarewicz <mina86@...a86.com>
> >Reviewed-by: David Cohen <david.a.cohen@...ux.intel.com>
> >Signed-off-by: Chuansheng Liu <chuansheng.liu@...el.com>
> >---
> >  drivers/usb/gadget/f_fs.c | 14 ++++++++------
> >  1 file changed, 8 insertions(+), 6 deletions(-)
> 
> >diff --git a/drivers/usb/gadget/f_fs.c b/drivers/usb/gadget/f_fs.c
> >index 42f7a0e..780f877 100644
> >--- a/drivers/usb/gadget/f_fs.c
> >+++ b/drivers/usb/gadget/f_fs.c
> >@@ -845,12 +845,14 @@ static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data)
> >  			 * we may end up with more data then user space has
> >  			 * space for.
> >  			 */
> >-			ret = ep->status;
> >-			if (io_data->read && ret > 0 &&
> >-			    unlikely(copy_to_user(io_data->buf, data,
> >-						  min_t(size_t, ret,
> >-						  io_data->len))))
> >-				ret = -EFAULT;
> >+				ret = ep->status;
> 
>    Why the indentation jumped suddenly to the right?

because it was wrong before ;-)

-- 
balbi

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ