On Thu, Dec 14, 2017 at 11:01:15AM -0700, Shuah Khan wrote:
> Hi Dan,
>
> On 12/14/2017 12:58 AM, Dan Carpenter wrote:
> > Hello Shuah Khan,
> >
> > The patch c6688ef9f297: "usbip: fix stub_rx: harden CMD_SUBMIT path
> > to handle malicious input" from Dec 7, 2017, leads to the following
> > static checker warning:
> >
> > drivers/usb/usbip/stub_rx.c:346 get_pipe()
> > warn: impossible condition '(pdu->u.cmd_submit.transfer_buffer_length > ((~0 >> 1))) => (s32min-s32max > s32max)'
> > drivers/usb/usbip/stub_rx.c:486 stub_recv_cmd_submit()
> > warn: always true condition '(pdu->u.cmd_submit.transfer_buffer_length <= ((~0 >> 1))) => (s32min-s32max <= s32max)'
> >
> > drivers/usb/usbip/stub_rx.c
> > 343 epd = &ep->desc;
> > 344
> > 345 /* validate transfer_buffer_length */
> > 346 if (pdu->u.cmd_submit.transfer_buffer_length > INT_MAX) {
> > ^^^^^^^^^^^^^^^^^^^^^^
> > This is an int.
>
> Yeah the check should have been against S32_MAX for the two checks
> in this patch.
TBH, I don't understand.
INT_MAX is always the same as S32_MAX on every arch (that wasn't always
true in ancient times but it's always true on linux arches).
regards,
dan carpenter
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
