On 04/06/2018 02:01 AM, Sergei Shtylyov wrote:
> Hello!
> 
> On 4/6/2018 1:31 AM, Shuah Khan wrote:
> 
>> Validate !rhport < 0 before using it to access port_status array.
> 
>    Why '!'?
> 

I should have explained it better in the commit log.

rhport is set based on input wIndex which could be 0. This isn't
the case for all the Request but some. wIndex is range checked in
the code paths that it shouldn't be. The same applies to rhport
in some request handling paths. Without the checks there is the
potential for out of bounds access on port_status array.

thanks,
-- Shuah
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to