lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 Aug 2022 10:38:00 -0400 From: Alan Stern <stern@...land.harvard.edu> To: Khalid Masum <khalid.masum.92@...il.com> Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, linux-usb@...r.kernel.org, Linux Kernel Mailing List <linux-kernel@...r.kernel.org> Subject: Re: [PATCH 1/2] usb: ehci: Prevent possible modulo by zero On Wed, Aug 24, 2022 at 05:15:47PM +0600, Khalid Masum wrote: > On Wed, Aug 24, 2022 at 2:21 AM Alan Stern <stern@...land.harvard.edu> wrote: > > > > if (!ep) { > > usb_free_urb(urb); > > return NULL; > > } > > > > Neither of these patches is needed. > > > > Alan Stern > > Thanks, I got you. In fact, Coverity wasn't completely wrong; there is a possible bug here. However the suggested fix is not the right approach. The usb_maxpacket() routine does a two-step computation. First, it looks up the endpoint number in the pipe to get a usb_host_endpoint pointer, and then it uses the pointer to get the maxpacket value. Coverity complained that the lookup in the first step can fail, and that is in fact true: If there is an interface or configuration change before usb_maxpacket() is called, the endpoint number table can change and the lookup may fail. But it turns out the first step isn't needed here at all, since the endpoint pointer is already stored in the URB (by the code in usb_submit_urb() that I pointed out earlier). So an appropriate way to fix the problem is to carry out just the second step: - maxpacket = usb_maxpacket(urb->dev, urb->pipe); + maxpacket = usb_endpoint_maxp(&urb->ep->desc); This holds for both of your patches. Alan Stern
Powered by blists - more mailing lists