Le 19/03/2020 à 08:49, Pierre Pronchery a écrit :
> Module Name:  src
> Committed By: khorben
> Date:         Thu Mar 19 07:49:29 UTC 2020
> 
> Modified Files:
>       src/sys/dev/usb: if_umb.c
> 
> Log Message:
> When there is no network around the state timeout fires over and over again.
> Change the printf into a log and only under IFF_DEBUG to reduce dmesg spam.
> Loudly requested by beck@ OK deraadt@

FWIW, there is a number of potentially exploitable bugs in this driver,
and they have been in my todo list for three months.

Eg, follow umb_decode_response(), there are integer overflows that can
trigger actual buffer overflows. Would you be interested in fixing the
vulns?

> From OpenBSD.

Overall "From OpenBSD" is a redflag for buggy and vulnerable code..

Maxime

Reply via email to