| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Y8fTd0VJXqKkPIuo@google.com>
Date: Wed, 18 Jan 2023 11:09:43 +0000
From: Lee Jones <lee@...nel.org>
To: Jiri Kosina <jikos@...nel.org>
Cc: benjamin.tissoires@...hat.com, avid.rheinsberg@...il.com,
linux-kernel@...r.kernel.org, linux-input@...r.kernel.org
Subject: Re: [PATCH 1/2] HID: core: Provide new max_buffer_size attribute to
over-ride the default
On Wed, 18 Jan 2023, Jiri Kosina wrote:
> On Fri, 13 Jan 2023, Lee Jones wrote:
>
> > Presently, when a report is processed, its size is compared solely
> > against the value specified by user-space.
>
> While I am generally fine with the idea, I don't understand this sentence.
> What exactly do you mean by 'specified by user-space'? It's defined as a
> compile-time constant.
>
> > If the received report ends up being smaller than this, the
> > remainder of the buffer is zeroed.
Apologies for any ambiguity.
"its size" == "compile-time constant"
Would "its maximum size" read better?
These sentences are an attempt to describe this statement:
if (csize < rsize) {
dbg_hid("report %d is too short, (%d < %d)\n", report->id,
csize, rsize);
memset(cdata + csize, 0, rsize - csize);
}
Where csize is "the [size of the] received report" and rsize is the
"value [size] specified by user-space". Thus, if user-space says the
report will be 8-Bytes (rsize) and it actually only only submits 6-Bytes
(csize), then the subsystem will complain that the "report is too short"
and it will attempt to zero the seemingly unused 2-Bytes.
--
Lee Jones [李琼斯]
Powered by blists - more mailing lists