linux-kernel - Re: [usb-storage] usb: storage: suspicious code

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date:   Wed, 15 Feb 2017 01:14:53 -0600
From:   "Gustavo A. R. Silva" <garsilva@...eddedor.com>
To:     Oliver Neukum <oneukum@...e.com>
Cc:     stern@...land.harvard.edu, gregkh@...uxfoundation.org,
        linux-usb@...r.kernel.org, usb-storage@...ts.one-eyed-alien.net,
        linux-kernel@...r.kernel.org,
        Peter Senna Tschudi <peter.senna@...il.com>
Subject: Re: [usb-storage] usb: storage: suspicious code

Hi Oliver,

Quoting Oliver Neukum <oneukum@...e.com>:

> Am Dienstag, den 14.02.2017, 23:06 -0600 schrieb Gustavo A. R. Silva:
>
> Hi,
>
>> waitcount = 0;
>> do {
>>         result = jumpshot_get_status(us);
>>         if (result != USB_STOR_TRANSPORT_GOOD) {
>>                 // I have not experimented to find the smallest
>> value.
>>                 //
>>                 msleep(50);
>>         }
>>         } while ((result != USB_STOR_TRANSPORT_GOOD) && (waitcount <
>> 10));
>>
>>         if (result != USB_STOR_TRANSPORT_GOOD)
>>                 usb_stor_dbg(us, "Gah!  Waitcount = 10.  Bad
>> write!?\n");
>>
>> Variable 'waitcount' is never updated inside the do-while loop. So,
>> either it isn't needed at all or line 316 should be modified
>> (++waitcount < 10)
>
> you are correct. Waitcount needs to be incremented.
>

Thanks for clarifying, I'll send a patch shortly.

--
Gustavo A. R. Silva