| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 18 Apr 2019 10:33:52 -0400 (EDT)
From: Alan Stern <stern@...land.harvard.edu>
To: "zhuyan (M)" <zhuyan34@...wei.com>
cc: Greg KH <gregkh@...uxfoundation.org>,
"anton@...msg.org" <anton@...msg.org>,
"linux-usb@...r.kernel.org" <linux-usb@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2] usb:host: fix divide-by-zero in function fhci_queue_urb
On Thu, 18 Apr 2019, zhuyan (M) wrote:
> > > @@ -765,11 +765,12 @@ void fhci_queue_urb(struct fhci_hcd *fhci,
> > > struct urb *urb)
> > >
> > > switch (ed->mode) {
> > > case FHCI_TF_BULK:
> > > + max_pkt_size = usb_endpoint_maxp(&urb->ep->desc);
> > > if (urb->transfer_flags & URB_ZERO_PACKET &&
> > > urb->transfer_buffer_length > 0 &&
> > > + (max_pkt_size != 0) &&
> >
> > Now you shouldn't need to add this extra test.
> >
> > Alan Stern
> But the return value of usb_endpoint_maxp() may be 0.
> Do we need to take protective measures?
Yes, we do. But the protective measures don't belong in the fhci
driver.
They should go in core/config.c:usb_parse_endpoint(). That routine
already has code to check for maxpacket sizes that are too large; you
can add code that checks for maxpacket sizes that are too small.
In theory an interrupt or isochronous endpoint might have maxpacket set
to 0 -- we could warn about these and accept them -- but this is not
allowed for bulk endpoints (see section 5.8.3 of the USB 2.0
specification). In fact, bulk endpoints are not allowed to have
maxpacket size smaller than 8.
Maybe if you make this change then fhci-hcd won't need any
modifications at all.
Alan Stern
Powered by blists - more mailing lists