Message-ID: <2025071539-tattoo-knickers-a775@gregkh>
Date: Tue, 15 Jul 2025 10:32:28 +0200
From: Greg KH <gregkh@...uxfoundation.org>
To: jackysliu <1972843537@...com>
Cc: linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org,
	viro@...iv.linux.org.uk
Subject: Re: [PATCH v2] usb: gadget: functioni: Fix a oob problem in rndis

On Tue, Jul 15, 2025 at 04:20:09PM +0800, jackysliu wrote:
> On Fri, Jul 11 2025 08:51:30 +0200, greg k-h wrote:
> 
> >Yes, and then look to see what buf_len (not buflen) in
> >gen_ndis_set_resp() is used for.  I'll wait... :)
> Oh, my bad. It seems that buf_len will only be used for some debugging code.
> 
> >What tool generated this static analysis?  You always have to mention
> >that as per our development rules.
> The vulnerability was found by Wukong-Agent, a code security AI agent,
> through static code analysis. But it seems that this is a false positive.

As per our documentation, you have to always disclose what tools you use
to find stuff.  Please always do that, otherwise your reports are going
to be ignored.

And then also properly TEST your change to verify that it works before
submitting it; that didn't happen here.

> >And what qemu setup did you use to test this?  That would be helpful to
> >know so that I can verify it on my end.
> 
> I've added some web-usb device to test this model. But it seems that I went about it the wrong way.

What is a "web-usb" device?  How does rndis work with that?

thanks,

greg k-h
