| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 24 Jun 2024 10:22:34 +0930 From: Andrew Jeffery <andrew@...econstruct.com.au> To: Ma Ke <make24@...as.ac.cn>, neal_liu@...eedtech.com, gregkh@...uxfoundation.org, joel@....id.au Cc: linux-aspeed@...ts.ozlabs.org, linux-usb@...r.kernel.org, linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] usb: gadget: aspeed_udc: validate endpoint index for ast udc On Sat, 2024-06-22 at 17:56 +0800, Ma Ke wrote: > We should verify the bound of the array to assure that host > may not manipulate the index to point past endpoint array. > > Signed-off-by: Ma Ke <make24@...as.ac.cn> > --- > drivers/usb/gadget/udc/aspeed_udc.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/usb/gadget/udc/aspeed_udc.c b/drivers/usb/gadget/udc/aspeed_udc.c > index 3916c8e2ba01..95060592c231 100644 > --- a/drivers/usb/gadget/udc/aspeed_udc.c > +++ b/drivers/usb/gadget/udc/aspeed_udc.c > @@ -1009,6 +1009,8 @@ static void ast_udc_getstatus(struct ast_udc_dev *udc) > break; > case USB_RECIP_ENDPOINT: > epnum = crq.wIndex & USB_ENDPOINT_NUMBER_MASK; > + if (epnum >= USB_MAX_ENDPOINTS) Shouldn't this be `epnum >= AST_UDC_NUM_ENDPOINTS`? Further, USB_MAX_ENDPOINTS doesn't appear to be defined here? What steps did you take to test this patch? Andrew
Powered by blists - more mailing lists