[prev in list] [next in list] [prev in thread] [next in thread]
List: libusb-devel
Subject: Re: [libusb] #162: libusb_alloc_transfer vulnerable to integer overflow/underflow
From: "libusb Trac" <trac () libusb ! org>
Date: 2013-03-27 21:18:41
Message-ID: 052.ac08326a08f2d63d34daa00c59e69b53 () libusb ! org
[Download RAW message or body]
#162: libusb_alloc_transfer vulnerable to integer overflow/underflow
---------------------+------------------------
Reporter: meacer | Owner:
Type: defect | Status: new
Milestone: | Component: libusb-1.0
Resolution: | Keywords: security
Blocked By: | Blocks:
---------------------+------------------------
Comment (by meacer):
Sorry again for the late response, somehow I'm failing to receive the
emails.
I'm not the original author of the USB API for Chromium, so I'm not sure
why there isn't a libusb git tree. You can find the code in trunk here:
https://code.google.com/p/chromium/codesearch#chromium/src/third_party/libusb/src/
Note that we didn't patch libusb in Chromium, but we patched the client
code -- albeit somehow arbitrarily by limiting transfer lengths. One of
the patches is here:
http://src.chromium.org/viewvc/chrome?view=rev&revision=182128
--
Ticket URL: <https://libusb.org/ticket/162#comment:5>
libusb <https://libusb.org/>
C library for writing portable USB drivers in userspace
------------------------------------------------------------------------------
Own the Future-Intel® Level Up Game Demo Contest 2013
Rise to greatness in Intel's independent game demo contest.
Compete for recognition, cash, and the chance to get your game
on Steam. $5K grand prize plus 10 genre and skill prizes.
Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d
_______________________________________________
libusb-devel mailing list
libusb-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libusb-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic