lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <tencent_88DDBC2334BBA2C8A4C1E122DE62F8AB250A@qq.com>
Date: Tue, 15 Jul 2025 15:56:17 +0800
From: jackysliu <1972843537@...com>
To: 1972843537@...com
Cc: James.Bottomley@...senPartnership.com,
	bvanassche@....org,
	linux-kernel@...r.kernel.org,
	linux-scsi@...r.kernel.org,
	martin.petersen@...cle.com
Subject: Re: [PATCH v2] usb: gadget: functioni: Fix a oob problem in rndis

On Fri, Jul 11 2025 08:51:30 +0200, greg k-h wrote:

>Yes, and then look to see what buf_len (not buflen) in
>gen_ndis_set_resp() is used for.  I'll wait... :)
Oh,my bad.It seem that buf_len will only be used for some debugging code..

>What tool generated this static analysis?  You always have to mention
>that as per our development rules.
The vulnerability is found by  is found by Wukong-Agent, a code security AI agent,
 through static code analysis.But It seems that this is a false positive..

And what qemu setup did you use to test this?  That would be helpful to
know so that I can verify it on my end.

I'll add some web-usb device to test this model.But seems that I went into a wrong way.

Thanks

Siyang Liu

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ