| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20251108-gs_usb-fix-usb-callbacks-v1-0-8a2534a7ea05@pengutronix.de>
Date: Sat, 08 Nov 2025 10:01:00 +0100
From: Marc Kleine-Budde <mkl@...gutronix.de>
To: Vincent Mailhol <mailhol@...nel.org>,
Maximilian Schneider <max@...neidersoft.net>,
Wolfgang Grandegger <wg@...ndegger.com>
Cc: kernel@...gutronix.de, linux-can@...r.kernel.org,
linux-kernel@...r.kernel.org, Marc Kleine-Budde <mkl@...gutronix.de>
Subject: [PATCH can 0/3] can: gs_usb: fix USB bulk in and out callbacks
The bulk-out callback gs_usb_xmit_callback() does not take care of the
cleanup of failed transfers of URBs. The 1st patch adds the missing
cleanup.
The bulk-in callback gs_usb_receive_bulk_callback() accesses the buffer of
the URB without checking how much data has actually been received. The last
2 patches fix this problem.
Signed-off-by: Marc Kleine-Budde <mkl@...gutronix.de>
---
Marc Kleine-Budde (3):
can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs
can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header
can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data
drivers/net/can/usb/gs_usb.c | 108 +++++++++++++++++++++++++++++++++++++------
1 file changed, 94 insertions(+), 14 deletions(-)
---
base-commit: 74d4432421a3e2669fbccc08c0f4fc2980bf0e39
change-id: 20251107-gs_usb-fix-usb-callbacks-5fa2955299c3
Best regards,
--
Marc Kleine-Budde <mkl@...gutronix.de>
Powered by blists - more mailing lists