From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 69521C433EF for ; Sun, 3 Apr 2022 10:40:55 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 5E07083B25; Sun, 3 Apr 2022 12:39:47 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=google.com header.i=@google.com header.b="q/+fEJmk"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 4EC7083AE6; Sun, 3 Apr 2022 12:39:36 +0200 (CEST) Received: from mail-wm1-x349.google.com (mail-wm1-x349.google.com [IPv6:2a00:1450:4864:20::349]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 47A4183AE6 for ; Sun, 3 Apr 2022 12:39:29 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=3YHlJYgYKBpEvDxF6619916z.x97F-w99E63DED.yz8I.yz@flex--ascull.bounces.google.com Received: by mail-wm1-x349.google.com with SMTP id bg8-20020a05600c3c8800b0038e6a989925so419251wmb.3 for ; Sun, 03 Apr 2022 03:39:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=SX2j+gl+6q2nK2RMG85DQNA20IjAgZ2snA9wZlv2pKI=; b=q/+fEJmkc7enyaG1LM3qhW/EOOb3oNPRTYa77gfKmzfeMveIuEHk1LtgZAKA9M2IRf KH/PpIjgmh9mdx8CX6WMn0Yy1iTufROw6yua1yQ+/gY984NJO3VxCkBu9rMkbKRKSnEB LCIpPL+HhF+7NtKx5NDEZ+41ZcudG+IZFIzpXbMgqbE+bOC7lz8xiiPiWmXV6bCNkw5F BysWNgURL/ppRuC4+/93gULC5MIbcSvzRfxZs6K00TE9R08wfm+F3uINlGVk9Hph6ucP 0sIC09ZSM2OF5+QHL6KXh0t2owQ5HXzi6ujrdPmBAbW+bGe0BHaZVg3CuGQZ/wGR61MS bcOg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=SX2j+gl+6q2nK2RMG85DQNA20IjAgZ2snA9wZlv2pKI=; b=skknbgDAs7o2QW2dKNrDiRT/cKbLyd2coAjdMRElW89gWyxDDs804r01AoA2cvrP3C B6QJ8Ekr5gY4p1xCW7hBRiRYSiGMEKIGKYIi9A9vaW7gGSlcAXeyvyV9M7QDj3JG4DiA il7vAIkYew/9Sey5pbguGjOiTMNJp5JwUezbTshqSoPr9o/LZ4EBN4FLPBrkw0mVhp8n doTrL2VmES7i3mGTF3QJ7e6QGE1tyl+KYVab8NRNYvOerbZyJwPCmLXfXt1+WQhxfEST wyt0YniAjmuCSTwD5+H5qvfaJn7xZzPjLdFHU9US0puYlBRXgCCDoPZLPlhV9UuROGZw XuNA== X-Gm-Message-State: AOAM530oq3LLcpleJsbJz+Iju31XsZz7pQdNPof8eiNIIQElhRoMeUsJ dnh+G7m3XV84dgNIWxT/yjCF7oN9uA4hdx/kA8VtO8PPzdX7Fyr7ff5D+8iixo3OePddGQEKXVV KPzaZWUNCqVETyL69A0FYb/nso17alQv1spvVFAfCXLLid/A3y5ey/C9SVmM= X-Google-Smtp-Source: ABdhPJzECuWfPCink3EUpKcXkfYyAyzJpmDxl/NkYAMCWHEDEfqTkHQ6QZJV+S4rFUt7x7peFNfhBuHT1Vw= X-Received: from ascull.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:1510]) (user=ascull job=sendgmr) by 2002:a05:600c:1d8a:b0:38e:6bc4:e2ac with SMTP id p10-20020a05600c1d8a00b0038e6bc4e2acmr3696911wms.118.1648982368849; Sun, 03 Apr 2022 03:39:28 -0700 (PDT) Date: Sun, 3 Apr 2022 10:39:12 +0000 In-Reply-To: <20220403103915.3338027-1-ascull@google.com> Message-Id: <20220403103915.3338027-6-ascull@google.com> Mime-Version: 1.0 References: <20220403103915.3338027-1-ascull@google.com> X-Mailer: git-send-email 2.35.1.1094.g7c7d902a7c-goog Subject: [PATCH 5/8] usb: sandbox: Bounds check read from buffer From: Andrew Scull To: u-boot@lists.denx.de Cc: sjg@chromium.org, seanga2@gmail.com, Andrew Scull , Marek Vasut Content-Type: text/plain; charset="UTF-8" X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean The buffer is 512 bytes but read requests can be 800 bytes. Limit the request to the size of the buffer. Signed-off-by: Andrew Scull Cc: Simon Glass Cc: Marek Vasut --- drivers/usb/emul/sandbox_flash.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/emul/sandbox_flash.c b/drivers/usb/emul/sandbox_flash.c index edabc1b3a7..cc80f67133 100644 --- a/drivers/usb/emul/sandbox_flash.c +++ b/drivers/usb/emul/sandbox_flash.c @@ -345,6 +345,8 @@ static int sandbox_flash_bulk(struct udevice *dev, struct usb_device *udev, } else { if (priv->alloc_len && len > priv->alloc_len) len = priv->alloc_len; + if (len > sizeof(priv->buff)) + len = sizeof(priv->buff); memcpy(buff, priv->buff, len); priv->phase = PHASE_STATUS; } -- 2.35.1.1094.g7c7d902a7c-goog