| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAA6KcBDjRPjrfQpYYHtqc6tnpFoLz9QAESqkaOLK5Hi1HbpQHw@mail.gmail.com> Date: Tue, 11 Mar 2025 18:09:02 -0700 From: Matthew Dharm <mdharm-usb@...-eyed-alien.net> To: Alan Stern <stern@...land.harvard.edu> Cc: Xin Dai <daixin_tkzc@....com>, linux-usb@...r.kernel.org, usb-storage@...ts.one-eyed-alien.net, linux-kernel@...r.kernel.org Subject: Re: [usb-storage] Re: [PATCH] usb: storage: Fix `us->iobuf` size for BOT transmission to prevent memory overflow On Tue, Mar 11, 2025 at 7:12 AM Alan Stern <stern@...land.harvard.edu> wrote: > > On Tue, Mar 11, 2025 at 04:41:11PM +0800, Xin Dai wrote: > > When the DWC2 controller detects a packet Babble Error, where a device > > transmits more data over USB than the host controller anticipates for a > > transaction. It follows this process: > > > There is no risk of memory overflow. The length of the transfer for the > CSW is limited to US_BULK_CS_WRAP_LEN, which is 13. And the length of a > CBW transfer is limited to US_BULK_CB_WRAP_LEN, which is 31 (or to 32 > if the US_FL_BULK32 quirk flag is set). Therefore a 64-byte buffer is > more than enough. There is no risk of memory overflow *unless* the DWC controller doesn't respect the buffer length as given in the URB. If there is an overflow issue here, it is an issue with the controller level. Matt -- Matthew Dharm Former Maintainer, USB Mass Storage driver for Linux
Powered by blists - more mailing lists