| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 3 Jan 2022 01:21:32 +0300
From: Pavel Skripkin <paskripkin@...il.com>
To: Alexander Aring <alex.aring@...il.com>
Cc: Stefan Schmidt <stefan@...enfreihafen.org>,
"David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
linux-wpan - ML <linux-wpan@...r.kernel.org>,
"open list:NETWORKING [GENERAL]" <netdev@...r.kernel.org>,
kernel list <linux-kernel@...r.kernel.org>,
"# 3.19.x" <stable@...r.kernel.org>,
Alexander Potapenko <glider@...gle.com>
Subject: Re: [PATCH RFT] ieee802154: atusb: move to new USB API
On 1/3/22 01:15, Alexander Aring wrote:
> Hi,
>
> On Sun, 2 Jan 2022 at 12:19, Pavel Skripkin <paskripkin@...il.com> wrote:
>>
>> Alexander reported a use of uninitialized value in
>> atusb_set_extended_addr(), that is caused by reading 0 bytes via
>> usb_control_msg().
>>
>
> Does there exist no way to check on this and return an error on USB
> API caller level?
>
>> Since there is an API, that cannot read less bytes, than was requested,
>> let's move atusb driver to use it. It will fix all potintial bugs with
>> uninit values and make code more modern
>>
>
> If this is not possible to fix with the "old" USB API then I think the
> "old" USB API needs to be fixed.
> Changing to the new USB API as "making the code more modern" is a new
> feature and is a candidate for next.
>
It can be fixed with the old one. Something like that should work:
- if (ret < 0) {
- atusb->err = ret;
+ if (ret < size) {
+ atusb->err = ret < 0: ret: -ENODATA;
But I thought, that moving to new API is better fix, just because old
one prone to uninit value bugs if error checking is wrong
With regards,
Pavel Skripkin
Powered by blists - more mailing lists