Hello Gerd,

+-- On Tue, 16 Feb 2016, Gerd Hoffmann wrote --+
| Moves up the check so it is done for every control xfer.  Good.
 ... 
| Why this is needed?  All control transfers go through do_token_setup
| first, so with the check moved in do_token_setup we should never ever
| trigger it here ...

  I see, okay.

| > -    if (bufoffs + buflen > length)
| > +    if (buflen > length || bufoffs >= length || bufoffs + buflen > length) 
{
| >          return USB_RET_STALL;
| > +    }
| 
| What is this?  Not mentioned in the commit message.  Looks like integer
| overflow prevention to me (if correct: separate patch with proper commit
| message please).

  That's right. I've sent separate revised patches for the above two changes.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

Reply via email to