Hello Gerd, +-- On Tue, 16 Feb 2016, Gerd Hoffmann wrote --+ | Moves up the check so it is done for every control xfer. Good. ... | Why this is needed? All control transfers go through do_token_setup | first, so with the check moved in do_token_setup we should never ever | trigger it here ...
I see, okay. | > - if (bufoffs + buflen > length) | > + if (buflen > length || bufoffs >= length || bufoffs + buflen > length) { | > return USB_RET_STALL; | > + } | | What is this? Not mentioned in the commit message. Looks like integer | overflow prevention to me (if correct: separate patch with proper commit | message please). That's right. I've sent separate revised patches for the above two changes. Thank you. -- Prasad J Pandit / Red Hat Product Security Team 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F