Re: [RFC]How else could a malicious device sabotage endpoints for usbnet

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 21.12.21 08:54, Greg KH wrote:
> On Thu, Dec 16, 2021 at 11:16:26AM +0100, Oliver Neukum wrote:
>>
>> 2) a heuristic to find the endpoints is used (that should be converted
>> to the new API)
>>
>> 3) they are given nummerically by the subdriver
>>
>> It turns out that #3 needs to verify the endpoints against malicious
>> devices.
>> So the following questions
>>
>> a) should that verification go into usbcore
> the usb_find_common_endpoints() functions are in the usbcore for drivers
> to use for this type of problem.
That API insist on finding the endpoints. It is a heuristic, so we need
to have a fallback in case it fails.
>> b) what possible ways for a malicious device to spoof us can you come
>> up with
> Start with:
> 	- invalid endpoint sizes and types
> 	- invalid data being sent on valid endpoint types
> and you will catch almost all possible errors.
>
OK. But I still need a way to do verification _only_.

    Regards
        Oliver





[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux