Date: Fri, 12 Apr 2019 17:36:48 +0800
From: Yang Xiao <92siuyang@...il.com>
To: Bjørn Mork <bjorn@...k.no>
Cc: kbuild-all@...org, linux-usb@...r.kernel.org, linux-media@...r.kernel.org,
 linux-kernel@...r.kernel.org, greg@...ah.com, mchehab@...nel.org,
 Kees Cook <keescook@...omium.org>, hans.verkuil@...co.com,
 Young Xiao <YangX92@...mail.com>
Subject: Re: [PATCH] USB: s2255 & stkwebcam: fix oops with malicious USB descriptors

I am so sorry. I misunderstood the reason for CVE-2016-2188.
Sorry again!!!

On Fri, Apr 12, 2019 at 5:07 PM Bjørn Mork <bjorn@...k.no> wrote:
>
> Yang Xiao <92siuyang@...il.com> writes:
>
> > If given malicious descriptors that specify 0 for the number of endpoints,
> > then there is a null pointer dereference when calling function
> > usb_endpoint_is_bulk_in.
> >
> >       for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
>
> Try this:
>
> #include <stdio.h>
> int main()
> {
>         int i;
>         for (i=0; i<0; ++i)
>                 printf("%d\n", i);
>         return 0;
> }
>
> How many lines did it print?
>
>
> Bjørn