Re: [RFC]How else could a malicious device sabotage endpoints for usbnet

public inbox for linux-usb@vger.kernel.org
 help / color / mirror / Atom feed

From: Oliver Neukum <oneukum@suse.com>
To: Greg KH <gregkh@linuxfoundation.org>, Oliver Neukum <oneukum@suse.com>
Cc: linux-usb@vger.kernel.org
Subject: Re: [RFC]How else could a malicious device sabotage endpoints for usbnet
Date: Tue, 21 Dec 2021 09:36:34 +0100	[thread overview]
Message-ID: <7d37b5df-ec22-e6b8-476e-eb8394d80fd4@suse.com> (raw)
In-Reply-To: <YcGINEZn1NyYbtbD@kroah.com>


On 21.12.21 08:54, Greg KH wrote:
> On Thu, Dec 16, 2021 at 11:16:26AM +0100, Oliver Neukum wrote:
>>
>> 2) a heuristic to find the endpoints is used (that should be converted
>> to the new API)
>>
>> 3) they are given nummerically by the subdriver
>>
>> It turns out that #3 needs to verify the endpoints against malicious
>> devices.
>> So the following questions
>>
>> a) should that verification go into usbcore
> the usb_find_common_endpoints() functions are in the usbcore for drivers
> to use for this type of problem.
That API insist on finding the endpoints. It is a heuristic, so we need
to have a fallback in case it fails.
>> b) what possible ways for a malicious device to spoof us can you come
>> up with
> Start with:
> 	- invalid endpoint sizes and types
> 	- invalid data being sent on valid endpoint types
> and you will catch almost all possible errors.
>
OK. But I still need a way to do verification _only_.

    Regards
        Oliver

     prev parent reply	other threads:[~2021-12-21  8:36 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-12-09 15:33 [RFC]How else could a malicious device sabotage endpoints for usbnet Oliver Neukum
2021-12-09 15:47 ` Greg KH
2021-12-15 14:47   ` Oliver Neukum
2021-12-15 14:57     ` Greg KH
2021-12-16 10:16       ` Oliver Neukum
2021-12-21  7:54         ` Greg KH
2021-12-21  8:36           ` Oliver Neukum [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=7d37b5df-ec22-e6b8-476e-eb8394d80fd4@suse.com \
    --to=oneukum@suse.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=linux-usb@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox