Re: [PATCH] HID: u2fzero: ignore incomplete packets without data

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi again,

On 16/09/2021 17:33, Andrej Shadura wrote:
> Since the actual_length calculation is performed unsigned, packets
> shorter than 7 bytes (e.g. packets without data or otherwise truncated)
> or non-received packets ("zero" bytes) can cause buffer overflow.
> 
> Link: https://bugzilla.kernel.org/show_bug.cgi?id=214437
> Fixes: 42337b9d4d958("HID: add driver for U2F Zero built-in LED and RNG")
> Signed-off-by: Andrej Shadura <andrew.shadura@xxxxxxxxxxxxxxx>

Having sent the email I realised I forgot to describe the actual
situation when I ran into this bug. It happened after I inserted and
removed the device multiple times very quickly. I know it’s not
extremely reliable way to reproduce it, and it rarely happened to me
before for some reason, but on the current kernel (5.11.0) I was able to
cause the crash every time I tried.

-- 
Cheers,
  Andrej



[Index of Archives]     [Linux Media Devel]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Linux Wireless Networking]     [Linux Omap]

  Powered by Linux