| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 14 Feb 2017 23:06:52 -0600
From: "Gustavo A. R. Silva" <garsilva@...eddedor.com>
To: stern@...land.harvard.edu, gregkh@...uxfoundation.org
Cc: linux-usb@...r.kernel.org, usb-storage@...ts.one-eyed-alien.net,
linux-kernel@...r.kernel.org,
Peter Senna Tschudi <peter.senna@...il.com>,
"Gustavo A. R. Silva" <garsilva@...eddedor.com>
Subject: usb: storage: suspicious code
Hello,
I ran into the following piece of code at drivers/usb/storage/jumpshot.c:305 (linux-next), and it seems a little bit suspicious:
// read the result. apparently the bulk write can complete
// before the jumpshot drive is finished writing. so we loop
// here until we get a good return code
waitcount = 0;
do {
result = jumpshot_get_status(us);
if (result != USB_STOR_TRANSPORT_GOOD) {
// I have not experimented to find the smallest value.
//
msleep(50);
}
} while ((result != USB_STOR_TRANSPORT_GOOD) && (waitcount < 10));
if (result != USB_STOR_TRANSPORT_GOOD)
usb_stor_dbg(us, "Gah! Waitcount = 10. Bad write!?\n");
Variable 'waitcount' is never updated inside the do-while loop. So, either it isn't needed at all or line 316 should be modified (++waitcount < 10)
In case 'waitcount' isn't needed, lines 318 and 319 should be removed.
Can someone help me to clarify this so I can write a patch to fix this code?
Thank you
--
Gustavo A. R. Silva
Powered by blists - more mailing lists