Sean Anderson 24057fe0a8 sandbox: usb: Fix out-of-bounds read when fd=-1 ... sandbox_flash_bulk uses priv->read_len to determine if priv->buff contains the response data (such as from SCSI_INQUIRY). However, if priv->fd=-1 in handle_read, then priv->read_len is not set even though we are going to PHASE_DATA. This causes sandbox_flash_bulk to try and read len bytes from priv->buff, which likely goes past the end of the buffer. Fix this by always setting priv->read_len even if we aren't going to read anything. Fixes: f4f715360c ("dm: usb: sandbox: Add an emulator for USB flash devices") Signed-off-by: Sean Anderson <seanga2@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>		2022-06-28 03:09:51 +01:00
..
Kconfig	usb: Enforce DM_USB migration for USB_HOST devices.	2021-07-18 21:05:31 -04:00
Makefile	SPDX: Convert all of our single license tags to Linux Kernel style	2018-05-07 09:34:12 -04:00
sandbox_flash.c	sandbox: usb: Fix out-of-bounds read when fd=-1	2022-06-28 03:09:51 +01:00
sandbox_hub.c	dm: treewide: Rename ..._platdata variables to just ..._plat	2020-12-13 16:51:09 -07:00
sandbox_keyb.c	dm: treewide: Rename dev_get_platdata() to dev_get_plat()	2020-12-13 16:51:09 -07:00
usb-emul-uclass.c	usb: sandbox: Check for string end in copy_to_unicode()	2022-04-29 11:11:36 -04:00