lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 22 Sep 2022 12:12:24 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: Johan Hovold <johan@...nel.org> Cc: Mauro Carvalho Chehab <mchehab@...nel.org>, Hans Verkuil <hverkuil-cisco@...all.nl>, Sean Young <sean@...s.org>, linux-media@...r.kernel.org, linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org, Oliver Neukum <oneukum@...e.com>, stable@...r.kernel.org, Dongliang Mu <mudongliangabcd@...il.com> Subject: Re: [PATCH RESEND] media: flexcop-usb: fix endpoint type check On Thu, Sep 22, 2022 at 11:37:36AM +0200, Johan Hovold wrote: > On Thu, Sep 22, 2022 at 10:41:43AM +0200, Greg Kroah-Hartman wrote: > > On Tue, Sep 20, 2022 at 11:00:35AM +0200, Johan Hovold wrote: > > > Mauro and Hans, > > > > > > On Mon, Aug 22, 2022 at 05:10:27PM +0200, Johan Hovold wrote: > > > > Commit d725d20e81c2 ("media: flexcop-usb: sanity checking of endpoint > > > > type") tried to add an endpoint type sanity check for the single > > > > isochronous endpoint but instead broke the driver by checking the wrong > > > > descriptor or random data beyond the last endpoint descriptor. > > > > > > > > Make sure to check the right endpoint descriptor. > > > > > > > > Fixes: d725d20e81c2 ("media: flexcop-usb: sanity checking of endpoint type") > > > > Cc: Oliver Neukum <oneukum@...e.com> > > > > Cc: stable@...r.kernel.org # 5.9 > > > > Reported-by: Dongliang Mu <mudongliangabcd@...il.com> > > > > Signed-off-by: Johan Hovold <johan@...nel.org> > > > > --- > > > > > > > > It's been two months and two completely ignored reminders so resending. > > > > > > > > Can someone please pick this fix up and let me know when that has been > > > > done? > > > > > > It's been another month so sending yet another reminder. This driver as > > > been broken since 5.9 and I posted this fix almost four months ago and > > > have sent multiple reminders since. > > > > > > Can someone please pick this one and the follow-up cleanups up? > > > > I've taken this one in my tree now. Which one were the "follow-up" > > cleanups? > > Thanks. These are the follow-up cleanups: > > https://lore.kernel.org/lkml/20220822151456.27178-1-johan@kernel.org/ Thanks, I'll take them after the first one was merged into Linus's tree. > Perhaps we should start taking USB related changes like this through the > USB tree by default. Posting patches to the media subsystem feels like > shooting patches at a black hole. I agree, there's been a bunch of patches sent there (some with security fixes) that are not getting responded to :( thanks, greg k-h
Powered by blists - more mailing lists