Message-ID: <7b25946e-265a-4939-98dc-d31555e143bb@rowland.harvard.edu>
Date: Tue, 12 Nov 2024 10:38:15 -0500
From: Alan Stern <stern@...land.harvard.edu>
To: Sabyrzhan Tasbolatov <snovitoll@...il.com>
Cc: Oliver Neukum <oneukum@...e.com>,
	syzbot+9760fbbd535cee131f81@...kaller.appspotmail.com,
	gregkh@...uxfoundation.org, linux-kernel@...r.kernel.org,
	linux-usb@...r.kernel.org, syzkaller-bugs@...glegroups.com
Subject: Re: [PATCH] usb/cdc-wdm: fix memory leak of wdm_device

On Tue, Nov 12, 2024 at 02:34:13PM +0500, Sabyrzhan Tasbolatov wrote:
> On Mon, Nov 11, 2024 at 7:29 PM Alan Stern <stern@...land.harvard.edu> wrote:
> > I don't understand your analysis.  As you said, cntr is initially set to
> > the amount in the buffer:
> >
> >         If cntr <= count then cntr isn't changed, so the amount of data
> >         copied to the user is the same as what is in the buffer.
> >
> >         Otherwise, if cntr > count, then cntr is decreased so that the
> >         amount copied to the user is no larger than what the user asked
> >         for -- but then it's obviously smaller than what's in the buffer.
> >
> > In neither case does the code copy more data than the buffer contains.
> 
> Hello,
> I've sent the v3 patch [1] per Oliver's explanation if I interpreted
> it correctly.
> I don't have the reproducer to verify if the patch solves the problem.
> If the analysis or patch is not right, please let me know.

The analysis is not right.

The patch is also not right, because it doesn't change the meaning of 
the code (except for one respect, in which it is wrong).  I'll send 
another email responding to the patch itself.

Alan Stern
