Re: usb/storage/uas: slab-out-of-bounds in uas_probe

From: Andrey Konovalov
Date: Thu Sep 21 2017 - 13:16:30 EST


On Thu, Sep 21, 2017 at 6:50 PM, Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> wrote:
> On Thu, 21 Sep 2017, Andrey Konovalov wrote:
>
>> Hi!
>>
>> I've got the following report while fuzzing the kernel with syzkaller.
>>
>> On commit ebb2c2437d8008d46796902ff390653822af6cc4 (Sep 18).
>>
>> The issue occurs when we iterate over interface altsettings, but I
>> don't see the driver doing anything wrong. I might be missing
>> something, or this might be an issue in USB core altsettings parsing.
>
> My guess is the latter, although I can't see what is going wrong. Can
> you provide the code that does this?

I did, see the previous email (replying in case you missed it).

>
> Alan Stern
>