Re: [PATCH] USB: s2255 & stkwebcam: fix oops with malicious USB descriptors

From: BjÃrn Mork
Date: Fri Apr 12 2019 - 05:07:38 EST

Next message: Miroslav Benes: "Re: [PATCH v3 4/9] livepatch: Add klp-convert annotation helpers"
Previous message: Colin King: "[PATCH] scsi: qedf: replace memset/memcpy with safer strscpy"
In reply to: Yang Xiao: "Re: [PATCH] USB: s2255 & stkwebcam: fix oops with malicious USB descriptors"
Next in thread: Yang Xiao: "Re: [PATCH] USB: s2255 & stkwebcam: fix oops with malicious USB descriptors"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Yang Xiao <92siuyang@xxxxxxxxx> writes:

> If given malicious descritors that spcify 0 for the number of endpoints,
> then there is a null pointer deference when calling function
> usb_endpoint_is_bulk_in.
>
> for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {

Try this:

#include <stdio.h>
int main()
{
int i;
for (i=0; i<0; ++i)
printf("%d\n");
return 0;
}

How many lines did it print?

BjÃrn

Next message: Miroslav Benes: "Re: [PATCH v3 4/9] livepatch: Add klp-convert annotation helpers"
Previous message: Colin King: "[PATCH] scsi: qedf: replace memset/memcpy with safer strscpy"
In reply to: Yang Xiao: "Re: [PATCH] USB: s2255 & stkwebcam: fix oops with malicious USB descriptors"
Next in thread: Yang Xiao: "Re: [PATCH] USB: s2255 & stkwebcam: fix oops with malicious USB descriptors"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]