lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20190119082139.GB8204@kroah.com>
Date:   Sat, 19 Jan 2019 09:21:39 +0100
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Shuah Khan <skhan@...uxfoundation.org>
Cc:     valentina.manea.m@...il.com, shuah@...nel.org,
        linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] usbip: Fix vhci_urb_enqueue() URB null transfer buffer
 error path

On Fri, Jan 18, 2019 at 02:29:31PM -0700, Shuah Khan wrote:
> From: Shuah Khan <shuah@...nel.org>
> 
> Fix vhci_urb_enqueue() to print error and return error instead of
> failing with WARN_ON.
> 
> Signed-off-by: Shuah Khan <shuah@...nel.org>
> ---
>  drivers/usb/usbip/vhci_hcd.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/usb/usbip/vhci_hcd.c b/drivers/usb/usbip/vhci_hcd.c
> index 1e592ec94ba4..849ebfde87b5 100644
> --- a/drivers/usb/usbip/vhci_hcd.c
> +++ b/drivers/usb/usbip/vhci_hcd.c
> @@ -702,8 +702,10 @@ static int vhci_urb_enqueue(struct usb_hcd *hcd, struct urb *urb, gfp_t mem_flag
>  	}
>  	vdev = &vhci_hcd->vdev[portnum-1];
>  
> -	/* patch to usb_sg_init() is in 2.5.60 */
> -	BUG_ON(!urb->transfer_buffer && urb->transfer_buffer_length);
> +	if (!urb->transfer_buffer && urb->transfer_buffer_length) {
> +		dev_err(dev, "Null URB transfer buffer\n");
> +		return -EINVAL;
> +	}

Could that BUG_ON be hit by userspace somehow?  Or is this just an
internal check for the api usage?

And sending out a 0 buffer length might be a valid thing (or at least a
crazy attempt at something), so you might want to make that dev_dbg() in
case userspace could trigger this to keep the log spam down.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ