| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 12 Apr 2019 17:36:48 +0800
From: Yang Xiao <92siuyang@...il.com>
To: Bjørn Mork <bjorn@...k.no>
Cc: kbuild-all@...org, linux-usb@...r.kernel.org,
linux-media@...r.kernel.org, linux-kernel@...r.kernel.org,
greg@...ah.com, mchehab@...nel.org,
Kees Cook <keescook@...omium.org>, hans.verkuil@...co.com,
Young Xiao <YangX92@...mail.com>
Subject: Re: [PATCH] USB: s2255 & stkwebcam: fix oops with malicious USB descriptors
I am so sorry. I misunderstood the reason of CVE-2016-2188.
Sorry again!!!
On Fri, Apr 12, 2019 at 5:07 PM Bjørn Mork <bjorn@...k.no> wrote:
>
> Yang Xiao <92siuyang@...il.com> writes:
>
> > If given malicious descritors that spcify 0 for the number of endpoints,
> > then there is a null pointer deference when calling function
> > usb_endpoint_is_bulk_in.
> >
> > for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
>
> Try this:
>
> #include <stdio.h>
> int main()
> {
> int i;
> for (i=0; i<0; ++i)
> printf("%d\n");
> return 0;
> }
>
> How many lines did it print?
>
>
> Bjørn
Powered by blists - more mailing lists