Hello Gerd,
+-- On Tue, 16 Feb 2016, Gerd Hoffmann wrote --+
| Moves up the check so it is done for every control xfer. Good.
...
| Why this is needed? All control transfers go through do_token_setup
| first, so with the check moved in do_token_setup we should never ever
| trigger it here ...
I see, okay.
| > - if (bufoffs + buflen > length)
| > + if (buflen > length || bufoffs >= length || bufoffs + buflen > length)
{
| > return USB_RET_STALL;
| > + }
|
| What is this? Not mentioned in the commit message. Looks like integer
| overflow prevention to me (if correct: separate patch with proper commit
| message please).
That's right. I've sent separate revised patches for the above two changes.
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
