lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 09 Dec 2019 21:30:44 -0500
From:   Nicolas Dufresne <nicolas.dufresne@...labora.com>
To:     Nicolas Dufresne <nicolas.dufresne@...labora.com>
Cc:     Laurent Pinchart <laurent.pinchart@...asonboard.com>,
        Mauro Carvalho Chehab <mchehab@...nel.org>,
        linux-media@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] uvcvideo: Also validate buffers in BULK mode

Le lundi 09 décembre 2019 à 21:27 -0500, Nicolas Dufresne a écrit :
> Le mardi 05 juin 2018 à 19:46 -0400, Nicolas Dufresne a écrit :
> > Just like for ISOC, validate the decoded BULK buffer size when possible.
> > This avoids sending corrupted or partial buffers to userspace, which may
> > lead to application crash or run-time failure.
> > 
> > Signed-off-by: Nicolas Dufresne <nicolas.dufresne@...labora.com>
> 
> Ping. That was a year and a half ago and still applies.

Please ignore, I was looking into the wrong branch by accident. Please,
update patchwork, that might also help to avoid confusion.

> 
> > ---
> >  drivers/media/usb/uvc/uvc_video.c | 9 +++------
> >  1 file changed, 3 insertions(+), 6 deletions(-)
> > 
> > diff --git a/drivers/media/usb/uvc/uvc_video.c b/drivers/media/usb/uvc/uvc_video.c
> > index aa0082fe5833..025ffac196f3 100644
> > --- a/drivers/media/usb/uvc/uvc_video.c
> > +++ b/drivers/media/usb/uvc/uvc_video.c
> > @@ -1234,6 +1234,7 @@ static void uvc_video_next_buffers(struct uvc_streaming *stream,
> >  		*meta_buf = uvc_queue_next_buffer(&stream->meta.queue,
> >  						  *meta_buf);
> >  	}
> > +	uvc_video_validate_buffer(stream, *video_buf);
> >  	*video_buf = uvc_queue_next_buffer(&stream->queue, *video_buf);
> >  }
> >  
> > @@ -1258,10 +1259,8 @@ static void uvc_video_decode_isoc(struct urb *urb, struct uvc_streaming *stream,
> >  		do {
> >  			ret = uvc_video_decode_start(stream, buf, mem,
> >  				urb->iso_frame_desc[i].actual_length);
> > -			if (ret == -EAGAIN) {
> > -				uvc_video_validate_buffer(stream, buf);
> > +			if (ret == -EAGAIN)
> >  				uvc_video_next_buffers(stream, &buf, &meta_buf);
> > -			}
> >  		} while (ret == -EAGAIN);
> >  
> >  		if (ret < 0)
> > @@ -1277,10 +1276,8 @@ static void uvc_video_decode_isoc(struct urb *urb, struct uvc_streaming *stream,
> >  		uvc_video_decode_end(stream, buf, mem,
> >  			urb->iso_frame_desc[i].actual_length);
> >  
> > -		if (buf->state == UVC_BUF_STATE_READY) {
> > -			uvc_video_validate_buffer(stream, buf);
> > +		if (buf->state == UVC_BUF_STATE_READY)
> >  			uvc_video_next_buffers(stream, &buf, &meta_buf);
> > -		}
> >  	}
> >  }
> >  

Download attachment "signature.asc" of type "application/pgp-signature" (196 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ