Re: [PATCH] USB: s2255 & stkwebcam: fix oops with malicious USB descriptors

From: Yang Xiao
Date: Fri Apr 12 2019 - 05:37:37 EST

Next message: Gao Xiang: "Re: [PATCH] staging: erofs: fix unexpected out-of-bound data access"
Previous message: Zenghui Yu: "Re: [PATCH 2/2] kvm: arm: Unify handling THP backed host memory"
In reply to: BjÃrn Mork: "Re: [PATCH] USB: s2255 & stkwebcam: fix oops with malicious USB descriptors"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I am so sorry. I misunderstood the reason of CVE-2016-2188.

Sorry again!!!

On Fri, Apr 12, 2019 at 5:07 PM BjÃrn Mork <bjorn@xxxxxxx> wrote:
>
> Yang Xiao <92siuyang@xxxxxxxxx> writes:
>
> > If given malicious descritors that spcify 0 for the number of endpoints,
> > then there is a null pointer deference when calling function
> > usb_endpoint_is_bulk_in.
> >
> > for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
>
> Try this:
>
> #include <stdio.h>
> int main()
> {
> int i;
> for (i=0; i<0; ++i)
> printf("%d\n");
> return 0;
> }
>
> How many lines did it print?
>
>
> BjÃrn

Next message: Gao Xiang: "Re: [PATCH] staging: erofs: fix unexpected out-of-bound data access"
Previous message: Zenghui Yu: "Re: [PATCH 2/2] kvm: arm: Unify handling THP backed host memory"
In reply to: BjÃrn Mork: "Re: [PATCH] USB: s2255 & stkwebcam: fix oops with malicious USB descriptors"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]