| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 6 Feb 2017 16:25:20 +0000
From: Ben Hutchings <ben@...adent.org.uk>
To: David Laight <David.Laight@...LAB.COM>
Cc: "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"linux-usb@...r.kernel.org" <linux-usb@...r.kernel.org>,
Petko Manolov <petkan@...leusys.com>
Subject: Re: [PATCH net 2/4] rtl8150: Use heap buffers for all register access
On Mon, Feb 06, 2017 at 04:09:18PM +0000, David Laight wrote:
> From: Ben Hutchings
[...]
> > + ret = usb_control_msg(dev->udev, usb_rcvctrlpipe(dev->udev, 0),
> > + RTL8150_REQ_GET_REGS, RTL8150_REQT_READ,
> > + indx, 0, buf, size, 500);
> > + if (ret > 0 && ret <= size)
> > + memcpy(data, buf, ret);
>
> If ret > size something is horridly wrong.
> Silently not updating the callers buffer at all cannot be right.
Yes, it seems strange to check this. I originally wrote this as ret >
0, but then I checked the usbnet core and found __usbnet_read_cmd()
has the second comparison as well.
> > + kfree(buf);
> > + return ret;
>
> I can't help feeling that it would be better to add a wrapper to
> usb_control_msg() that does the kmalloc() and memcpy()s and
> drop that into all the call sites.
It might be. Right now I'm trying to patch up a bunch of regressions
rather than argue over an API change.
Ben.
--
Ben Hutchings
Experience is what causes a person to make new mistakes instead of old ones.
Download attachment "signature.asc" of type "application/pgp-signature" (812 bytes)
Powered by blists - more mailing lists