lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 26 Mar 2019 09:20:40 +0100
From:   Arnd Bergmann <arnd@...db.de>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     "# 3.4.x" <stable@...r.kernel.org>,
        Kees Cook <keescook@...omium.org>,
        Sebastian Andrzej Siewior <bigeasy@...utronix.de>,
        "Gustavo A. R. Silva" <gustavo@...eddedor.com>,
        Josh Boyer <jwboyer@...oraproject.org>,
        Ralf Spenneberg <ralf@...nneberg.net>,
        USB list <linux-usb@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Chunyan Zhang <chunyan.zhang@...eadtrum.com>,
        Baolin Wang <baolin.wang@...eadtrum.com>
Subject: Re: [BACKPORT 4.4.y 04/25] USB: iowarrior: fix oops with malicious
 USB descriptors

On Tue, Mar 26, 2019 at 2:23 AM Greg Kroah-Hartman
<gregkh@...uxfoundation.org> wrote:
>
> On Fri, Mar 22, 2019 at 04:43:55PM +0100, Arnd Bergmann wrote:
> > From: Josh Boyer <jwboyer@...oraproject.org>
> >
> > The iowarrior driver expects at least one valid endpoint.  If given
> > malicious descriptors that specify 0 for the number of endpoints,
> > it will crash in the probe function.  Ensure there is at least
> > one endpoint on the interface before using it.
> >
> > The full report of this issue can be found here:
> > http://seclists.org/bugtraq/2016/Mar/87
> >
> > Reported-by: Ralf Spenneberg <ralf@...nneberg.net>
> > Cc: stable <stable@...r.kernel.org>
> > Signed-off-by: Josh Boyer <jwboyer@...oraproject.org>
> > Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> > (cherry picked from commit 4ec0ef3a82125efc36173062a50624550a900ae0)
> > Signed-off-by: Arnd Bergmann <arnd@...db.de>
> > ---
> >  drivers/usb/misc/iowarrior.c | 6 ++++++
> >  1 file changed, 6 insertions(+)
>
> This commit has been in the tree for a long time.  It was in the 4.4.7
> release, back in April 2016.  And then it was reverted in commit
> b7321e81fc36 ("USB: iowarrior: fix NULL-deref at probe") as it broke
> systems.  So why add it back, the correct functionality should be there
> today, right?

Sorry I missed that history. The script I used to identify patches noticed
that this patch was not applied, but I did not have a check for already-
reverted patches.

Chunyan, Baolin: it seems the spreadtrum 4.4 kernel got this wrong
as well, by backporting the patch again on top of 4.4.172. Can you check
the latest internal version for this?

       Arnd

Powered by blists - more mailing lists