| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.44L0.1912161002080.1406-100000@iolanthe.rowland.org>
Date: Mon, 16 Dec 2019 10:05:11 -0500 (EST)
From: Alan Stern <stern@...land.harvard.edu>
To: Andrey Konovalov <andreyknvl@...gle.com>
cc: syzbot <syzbot+7fa38a608b1075dfd634@...kaller.appspotmail.com>,
LKML <linux-kernel@...r.kernel.org>,
USB list <linux-usb@...r.kernel.org>, <mans@...sr.com>,
syzkaller-bugs <syzkaller-bugs@...glegroups.com>
Subject: Re: Re: general protection fault in usb_set_interface
On Mon, 16 Dec 2019, Andrey Konovalov wrote:
> On Fri, Dec 13, 2019 at 8:51 PM Alan Stern <stern@...land.harvard.edu> wrote:
> >
> > On Fri, 13 Dec 2019, Andrey Konovalov wrote:
> >
> > > > > Let's retry here:
> > > >
> > > > > #syz test: https://github.com/google/kasan.git f0df5c1b
> > > >
> > > > This bug is already marked as fixed. No point in testing.
> > > >
> > >
> > > Hm, that explains some of the weirdness. It doesn't explain though
> > > neither why the patch was actually tested when Alan requested it nor
> > > why syzbot sent no reply.
> >
> > In the meantime, is there any way to get syzbot to test the new patch
> > with the old reproducer? Perhaps tell it to re-open this bug?
>
> No, we can only test this manually now. I can run the reproducer for
> you. Should I revert the fix for this bug and then apply your patch?
> What's the expected result?
Please simply run the patch as it is, with no other changes. The
expected result is a use-after-free Read in usbvision_v4l2_open, just
as with c7b0ec009a216143df30.
Alan Stern
Powered by blists - more mailing lists