public inbox for linux-usb@vger.kernel.org
From: Greg KH <gregkh@linuxfoundation.org>
To: jackysliu <1972843537@qq.com>
Cc: linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org,
	viro@zeniv.linux.org.uk
Subject: Re: [PATCH v2] usb: gadget: functioni: Fix a oob problem in rndis
Date: Tue, 15 Jul 2025 10:32:28 +0200
Message-ID: <2025071539-tattoo-knickers-a775@gregkh>
In-Reply-To: <tencent_AC052534ED0C97ED96CDBF2269E71DAE5905@qq.com>

On Tue, Jul 15, 2025 at 04:20:09PM +0800, jackysliu wrote:
> On Fri, Jul 11 2025 08:51:30 +0200, greg k-h wrote:
> 
> >Yes, and then look to see what buf_len (not buflen) in
> >gen_ndis_set_resp() is used for.  I'll wait... :)
> Oh, my bad. It seems that buf_len will only be used for some debugging code..
> 
> >What tool generated this static analysis?  You always have to mention
> >that as per our development rules.
> The vulnerability is found by Wukong-Agent, a code security AI agent,
> through static code analysis. But it seems that this is a false positive..

As per our documentation, you have to always disclose what tools you use
to find stuff.  Please always do that, otherwise your reports are going
to be ignored.

And then also properly TEST your change to verify that it works before
submitting it, that didn't happen here.

> >And what qemu setup did you use to test this?  That would be helpful to
> >know so that I can verify it on my end.
> 
> I've added some web-usb device to test this model. But it seems that I went the wrong way.

What is a "web-usb" device?  How does rndis work with that?

thanks,

greg k-h

Thread overview: 14+ messages
2025-07-10  8:14 [PATCH] usb: gadget: functioni: Fix a oob problem in rndis jackysliu
2025-07-10  8:21 ` Greg KH
2025-07-10  8:49   ` [PATCH v2] " jackysliu
2025-07-10  9:16     ` Greg KH
2025-07-10  9:33       ` jackysliu
2025-07-10  9:34       ` Greg KH
2025-07-10 12:19     ` Greg KH
2025-07-11  3:46       ` jackysliu
2025-07-11  5:54         ` Greg KH
2025-07-11  6:40           ` jackysliu
2025-07-11  6:51             ` Greg KH
2025-07-15  8:20               ` jackysliu
2025-07-15  8:32                 ` Greg KH [this message]
2025-07-15  8:47                   ` jackysliu
