Hi,
Alan Stern writes:
>> > Index: usb-4.x/drivers/usb/gadget/legacy/inode.c
>> > ===
>> > --- usb-4.x.orig/drivers/usb/gadget/legacy/inode.c
>> > +++ usb-4.x/drivers/usb/gadget/legacy/inode.c
>> > @@

On Tue, 27 Dec 2016, Felipe Balbi wrote:
>
> Hi,
>
> Alan Stern writes:
> > On Tue, 6 Dec 2016, Andrey Konovalov wrote:
> >
> >> Hi!
> >>
> >> I've got the following error report while running the syzkaller fuzzer.
> >>
> >> ep0_write() doesn't check the length, so

Hi,
Alan Stern writes:
> On Tue, 6 Dec 2016, Andrey Konovalov wrote:
>
>> Hi!
>>
>> I've got the following error report while running the syzkaller fuzzer.
>>
>> ep0_write() doesn't check the length, so a user can cause an
>> out-of-bounds with both size and data

On Tue, Dec 6, 2016 at 4:30 PM, Alan Stern wrote:
> On Tue, 6 Dec 2016, Andrey Konovalov wrote:
>
>> Hi!
>>
>> I've got the following error report while running the syzkaller fuzzer.
>>
>> ep0_write() doesn't check the length, so a user can cause an
>> out-of-bounds

On Tue, 6 Dec 2016, Andrey Konovalov wrote:
> Hi!
>
> I've got the following error report while running the syzkaller fuzzer.
>
> ep0_write() doesn't check the length, so a user can cause an
> out-of-bounds with both size and data controlled.
> There's a comment which says "IN DATA+STATUS

Hi!
I've got the following error report while running the syzkaller fuzzer.
ep0_write() doesn't check the length, so a user can cause an
out-of-bounds with both size and data controlled.
There's a comment which says "IN DATA+STATUS caller makes len <=
wLength". While I'm not exactly sure what