LM
/
u-boot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
u-boot/drivers/usb/emul
History
Sean Anderson 24057fe0a8 sandbox: usb: Fix out-of-bounds read when fd=-1 
sandbox_flash_bulk uses priv->read_len to determine if priv->buff contains
the response data (such as from SCSI_INQUIRY). However, if priv->fd=-1 in
handle_read, then priv->read_len is not set even though we are going to
PHASE_DATA. This causes sandbox_flash_bulk to try and read len bytes from
priv->buff, which likely goes past the end of the buffer. Fix this by always
setting priv->read_len even if we aren't going to read anything.

Fixes: f4f715360c ("dm: usb: sandbox: Add an emulator for USB flash devices")
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
 		2022-06-28 03:09:51 +01:00
..
Kconfig usb: Enforce DM_USB migration for USB_HOST devices. 2021-07-18 21:05:31 -04:00
Makefile SPDX: Convert all of our single license tags to Linux Kernel style 2018-05-07 09:34:12 -04:00
sandbox_flash.c sandbox: usb: Fix out-of-bounds read when fd=-1 2022-06-28 03:09:51 +01:00
sandbox_hub.c dm: treewide: Rename ..._platdata variables to just ..._plat 2020-12-13 16:51:09 -07:00
sandbox_keyb.c dm: treewide: Rename dev_get_platdata() to dev_get_plat() 2020-12-13 16:51:09 -07:00
usb-emul-uclass.c usb: sandbox: Check for string end in copy_to_unicode() 2022-04-29 11:11:36 -04:00