From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Oliver Neukum <oneukum@suse.com>
Cc: Alan Stern <stern@rowland.harvard.edu>,
Griffin Kroah-Hartman <griffin@kroah.com>,
linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 2/3] usb: core: strengthen size check in usb_parse_interface()
Date: Tue, 14 Jul 2026 08:30:16 +0200 [thread overview]
Message-ID: <2026071438-emptiness-judgingly-4a1c@gregkh> (raw)
In-Reply-To: <f298dd66-987f-4e37-ad26-621dac5b5d1f@suse.com>
On Tue, Jul 14, 2026 at 08:20:32AM +0200, Oliver Neukum wrote:
>
>
> On 14.07.26 07:53, Greg Kroah-Hartman wrote:
> > On Mon, Jul 13, 2026 at 12:13:04PM -0400, Alan Stern wrote:
>
> > > No, because usb_parse_configuration() has already performed this check.
> > > A malicious device can't avoid that earlier check, and so we don't need
> > > to do it again.
> >
> > Ok, this is my fault.
> Speaking about fault here isn't likely to be productive.
But it is cathartic :)
> The error is easy to make. I made it once. We have the power
> of using comments. That place needs one.
Sure, which place, usb_parse_configuration() or the other parse
locations or both?
thanks,
greg k-h
next prev parent reply other threads:[~2026-07-14 6:30 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-13 15:43 [PATCH 0/3] USB core defense "hardening" changes Griffin Kroah-Hartman
2026-07-13 15:43 ` [PATCH 1/3] usb: core: Add size check to find_next_descriptor() Griffin Kroah-Hartman
2026-07-13 16:14 ` Alan Stern
2026-07-13 15:43 ` [PATCH 2/3] usb: core: strengthen size check in usb_parse_interface() Griffin Kroah-Hartman
2026-07-13 16:13 ` Alan Stern
2026-07-14 5:53 ` Greg Kroah-Hartman
2026-07-14 6:20 ` Oliver Neukum
2026-07-14 6:30 ` Greg Kroah-Hartman [this message]
2026-07-14 7:06 ` Oliver Neukum
2026-07-14 16:41 ` Alan Stern
2026-07-13 15:43 ` [PATCH 3/3] usb: core: Add lock to usb_wakeup_notification() Griffin Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2026071438-emptiness-judgingly-4a1c@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=griffin@kroah.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=oneukum@suse.com \
--cc=stern@rowland.harvard.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.