From mboxrd@z Thu Jan 1 00:00:00 1970 From: Johan Hovold Date: Wed, 04 Jul 2018 13:43:14 +0000 Subject: Re: [PATCH] USB: serial: ch341: type promotion bug in ch341_control_in() Message-Id: <20180704134314.GS9802@localhost> List-Id: References: <20180704092938.g3woukcm5ir6zr7e@kili.mountain> In-Reply-To: <20180704092938.g3woukcm5ir6zr7e@kili.mountain> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: Dan Carpenter Cc: Johan Hovold , Greg Kroah-Hartman , linux-usb@vger.kernel.org, kernel-janitors@vger.kernel.org On Wed, Jul 04, 2018 at 12:29:38PM +0300, Dan Carpenter wrote: > The "r" variable is an int and "bufsize" is an unsigned int so the > comparison is type promoted to unsigned. If usb_control_msg() returns a > negative that is treated as a high positive value and the error handling > doesn't work. > > Fixes: 2d5a9c72d0c4 ("USB: serial: ch341: fix control-message error handling") > Signed-off-by: Dan Carpenter Thanks for catching this. Now applied with a stable tag as this could have security implications. Johan From mboxrd@z Thu Jan 1 00:00:00 1970 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Subject: USB: serial: ch341: type promotion bug in ch341_control_in() From: Johan Hovold Message-Id: <20180704134314.GS9802@localhost> Date: Wed, 4 Jul 2018 15:43:14 +0200 To: Dan Carpenter Cc: Johan Hovold , Greg Kroah-Hartman , linux-usb@vger.kernel.org, kernel-janitors@vger.kernel.org List-ID: T24gV2VkLCBKdWwgMDQsIDIwMTggYXQgMTI6Mjk6MzhQTSArMDMwMCwgRGFuIENhcnBlbnRlciB3 cm90ZToKPiBUaGUgInIiIHZhcmlhYmxlIGlzIGFuIGludCBhbmQgImJ1ZnNpemUiIGlzIGFuIHVu c2lnbmVkIGludCBzbyB0aGUKPiBjb21wYXJpc29uIGlzIHR5cGUgcHJvbW90ZWQgdG8gdW5zaWdu ZWQuICBJZiB1c2JfY29udHJvbF9tc2coKSByZXR1cm5zIGEKPiBuZWdhdGl2ZSB0aGF0IGlzIHRy ZWF0ZWQgYXMgYSBoaWdoIHBvc2l0aXZlIHZhbHVlIGFuZCB0aGUgZXJyb3IgaGFuZGxpbmcKPiBk b2Vzbid0IHdvcmsuCj4gCj4gRml4ZXM6IDJkNWE5YzcyZDBjNCAoIlVTQjogc2VyaWFsOiBjaDM0 MTogZml4IGNvbnRyb2wtbWVzc2FnZSBlcnJvciBoYW5kbGluZyIpCj4gU2lnbmVkLW9mZi1ieTog RGFuIENhcnBlbnRlciA8ZGFuLmNhcnBlbnRlckBvcmFjbGUuY29tPgoKVGhhbmtzIGZvciBjYXRj aGluZyB0aGlzLgoKTm93IGFwcGxpZWQgd2l0aCBhIHN0YWJsZSB0YWcgYXMgdGhpcyBjb3VsZCBo YXZlIHNlY3VyaXR5IGltcGxpY2F0aW9ucy4KCkpvaGFuCi0tLQpUbyB1bnN1YnNjcmliZSBmcm9t IHRoaXMgbGlzdDogc2VuZCB0aGUgbGluZSAidW5zdWJzY3JpYmUgbGludXgtdXNiIiBpbgp0aGUg Ym9keSBvZiBhIG1lc3NhZ2UgdG8gbWFqb3Jkb21vQHZnZXIua2VybmVsLm9yZwpNb3JlIG1ham9y ZG9tbyBpbmZvIGF0ICBodHRwOi8vdmdlci5rZXJuZWwub3JnL21ham9yZG9tby1pbmZvLmh0bWwK