| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAB_54W6i9-fy8Vc-uypXPtj3Uy0VuZpidFuRH0DVoWJ8utcWiw@mail.gmail.com>
Date: Sun, 2 Jan 2022 17:15:38 -0500
From: Alexander Aring <alex.aring@...il.com>
To: Pavel Skripkin <paskripkin@...il.com>
Cc: Stefan Schmidt <stefan@...enfreihafen.org>,
"David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
linux-wpan - ML <linux-wpan@...r.kernel.org>,
"open list:NETWORKING [GENERAL]" <netdev@...r.kernel.org>,
kernel list <linux-kernel@...r.kernel.org>,
"# 3.19.x" <stable@...r.kernel.org>,
Alexander Potapenko <glider@...gle.com>
Subject: Re: [PATCH RFT] ieee802154: atusb: move to new USB API
Hi,
On Sun, 2 Jan 2022 at 12:19, Pavel Skripkin <paskripkin@...il.com> wrote:
>
> Alexander reported a use of uninitialized value in
> atusb_set_extended_addr(), that is caused by reading 0 bytes via
> usb_control_msg().
>
Does there exist no way to check on this and return an error on USB
API caller level?
> Since there is an API, that cannot read less bytes, than was requested,
> let's move atusb driver to use it. It will fix all potintial bugs with
> uninit values and make code more modern
>
If this is not possible to fix with the "old" USB API then I think the
"old" USB API needs to be fixed.
Changing to the new USB API as "making the code more modern" is a new
feature and is a candidate for next.
- Alex
Powered by blists - more mailing lists