lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.44L0.1904181022320.1513-100000@iolanthe.rowland.org>
Date:   Thu, 18 Apr 2019 10:33:52 -0400 (EDT)
From:   Alan Stern <stern@...land.harvard.edu>
To:     "zhuyan (M)" <zhuyan34@...wei.com>
cc:     Greg KH <gregkh@...uxfoundation.org>,
        "anton@...msg.org" <anton@...msg.org>,
        "linux-usb@...r.kernel.org" <linux-usb@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2] usb:host: fix divide-by-zero in function fhci_queue_urb

On Thu, 18 Apr 2019, zhuyan (M) wrote:

> > > @@ -765,11 +765,12 @@ void fhci_queue_urb(struct fhci_hcd *fhci, 
> > > struct urb *urb)
> > >  
> > >  	switch (ed->mode) {
> > >  	case FHCI_TF_BULK:
> > > +		max_pkt_size = usb_endpoint_maxp(&urb->ep->desc);
> > >  		if (urb->transfer_flags & URB_ZERO_PACKET &&
> > >  				urb->transfer_buffer_length > 0 &&
> > > +				(max_pkt_size != 0) &&
> > 
> > Now you shouldn't need to add this extra test.
> > 
> > Alan Stern

> But the return value of usb_endpoint_maxp() may be 0. 
> Do we need to take protective measures?

Yes, we do.  But the protective measures don't belong in the fhci 
driver.

They should go in core/config.c:usb_parse_endpoint().  That routine 
already has code to check for maxpacket sizes that are too large; you 
can add code that checks for maxpacket sizes that are too small.

In theory an interrupt or isochronous endpoint might have maxpacket set
to 0 -- we could warn about these and accept them -- but this is not
allowed for bulk endpoints (see section 5.8.3 of the USB 2.0
specification).  In fact, bulk endpoints are not allowed to have
maxpacket size smaller than 8.

Maybe if you make this change then fhci-hcd won't need any
modifications at all.

Alan Stern

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ