lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20250919115654.1011141-2-thorsten.blum@linux.dev>
Date: Fri, 19 Sep 2025 13:56:50 +0200
From: Thorsten Blum <thorsten.blum@...ux.dev>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Alan Stern <stern@...land.harvard.edu>,
	Rex Nie <rex.nie@...uarmicro.com>,
	Jann Horn <jannh@...gle.com>
Cc: Thorsten Blum <thorsten.blum@...ux.dev>,
	linux-usb@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: [PATCH] USB: core: replace kmalloc + copy_from_user with memdup_user

Replace kmalloc() followed by copy_from_user() with memdup_user() to
simplify and improve proc_do_submiturb(). Replace the hard-coded 8 bytes
with the size of 'struct usb_ctrlrequest'.

Return early if an error occurs, and avoid manually setting 'ret' and
using 'goto error'.

No functional changes intended.

Signed-off-by: Thorsten Blum <thorsten.blum@...ux.dev>
---
 drivers/usb/core/devio.c | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
index f6ce6e26e0d4..3bc54a5c59ff 100644
--- a/drivers/usb/core/devio.c
+++ b/drivers/usb/core/devio.c
@@ -1670,13 +1670,9 @@ static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb
 		/* min 8 byte setup packet */
 		if (uurb->buffer_length < 8)
 			return -EINVAL;
-		dr = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
-		if (!dr)
-			return -ENOMEM;
-		if (copy_from_user(dr, uurb->buffer, 8)) {
-			ret = -EFAULT;
-			goto error;
-		}
+		dr = memdup_user(uurb->buffer, sizeof(struct usb_ctrlrequest));
+		if (IS_ERR(dr))
+			return PTR_ERR(dr);
 		if (uurb->buffer_length < (le16_to_cpu(dr->wLength) + 8)) {
 			ret = -EINVAL;
 			goto error;
-- 
2.51.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ