Le 19/03/2020 à 08:49, Pierre Pronchery a écrit : > Module Name: src > Committed By: khorben > Date: Thu Mar 19 07:49:29 UTC 2020 > > Modified Files: > src/sys/dev/usb: if_umb.c > > Log Message: > When there is no network around the state timeout fires over and over again. > Change the printf into a log and only under IFF_DEBUG to reduce dmesg spam. > Loudly requested by beck@ OK deraadt@
FWIW, there is a number of potentially exploitable bugs in this driver, and they have been in my todo list for three months. Eg, follow umb_decode_response(), there are integer overflows that can trigger actual buffer overflows. Would you be interested in fixing the vulns? > From OpenBSD. Overall "From OpenBSD" is a redflag for buggy and vulnerable code.. Maxime