lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 22 Sep 2022 12:12:24 +0200
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Johan Hovold <johan@...nel.org>
Cc:     Mauro Carvalho Chehab <mchehab@...nel.org>,
        Hans Verkuil <hverkuil-cisco@...all.nl>,
        Sean Young <sean@...s.org>, linux-media@...r.kernel.org,
        linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org,
        Oliver Neukum <oneukum@...e.com>, stable@...r.kernel.org,
        Dongliang Mu <mudongliangabcd@...il.com>
Subject: Re: [PATCH RESEND] media: flexcop-usb: fix endpoint type check

On Thu, Sep 22, 2022 at 11:37:36AM +0200, Johan Hovold wrote:
> On Thu, Sep 22, 2022 at 10:41:43AM +0200, Greg Kroah-Hartman wrote:
> > On Tue, Sep 20, 2022 at 11:00:35AM +0200, Johan Hovold wrote:
> > > Mauro and Hans,
> > > 
> > > On Mon, Aug 22, 2022 at 05:10:27PM +0200, Johan Hovold wrote:
> > > > Commit d725d20e81c2 ("media: flexcop-usb: sanity checking of endpoint
> > > > type") tried to add an endpoint type sanity check for the single
> > > > isochronous endpoint but instead broke the driver by checking the wrong
> > > > descriptor or random data beyond the last endpoint descriptor.
> > > > 
> > > > Make sure to check the right endpoint descriptor.
> > > > 
> > > > Fixes: d725d20e81c2 ("media: flexcop-usb: sanity checking of endpoint type")
> > > > Cc: Oliver Neukum <oneukum@...e.com>
> > > > Cc: stable@...r.kernel.org	# 5.9
> > > > Reported-by: Dongliang Mu <mudongliangabcd@...il.com>
> > > > Signed-off-by: Johan Hovold <johan@...nel.org>
> > > > ---
> > > > 
> > > > It's been two months and two completely ignored reminders so resending.
> > > > 
> > > > Can someone please pick this fix up and let me know when that has been
> > > > done?
> > > 
> > > It's been another month so sending yet another reminder. This driver as
> > > been broken since 5.9 and I posted this fix almost four months ago and
> > > have sent multiple reminders since.
> > > 
> > > Can someone please pick this one and the follow-up cleanups up?
> > 
> > I've taken this one in my tree now.  Which one were the "follow-up"
> > cleanups?
> 
> Thanks. These are the follow-up cleanups:
> 
> 	https://lore.kernel.org/lkml/20220822151456.27178-1-johan@kernel.org/

Thanks, I'll take them after the first one was merged into Linus's tree.

> Perhaps we should start taking USB related changes like this through the
> USB tree by default. Posting patches to the media subsystem feels like
> shooting patches at a black hole.

I agree, there's been a bunch of patches sent there (some with security
fixes) that are not getting responded to :(

thanks,

greg k-h

Powered by blists - more mailing lists