-
Notifications
You must be signed in to change notification settings - Fork 3k
USBMSD security updates #12693
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
USBMSD security updates #12693
Conversation
Fix protects underlaying block device from out-of-bound read/writes - prevents the host from setting block device addres larger then block device size - prevents the host from setting wrong read/write lenght
Fix protects underlaying block device from out-of-bound reads
Fix prevents unaligned USB transfers
@maciejbocianski, thank you for your changes. |
@maciejbocianski please explain what each fix is and why it is required in the header |
CI started |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well done! Thanks alot for the contribution
Test run: SUCCESSSummary: 6 of 6 test jobs passed |
This PR does not contain release version label after merging. |
We need to back port this fix on 5.15 LTS @0xc0170 |
@Mergifyio backport mbed-os-5.15 |
Command
|
Magic! 😮 |
USBMSD security updates (bp #12693)
Summary of changes
Couple of USB MSD fixes improving security:
update USBMSD::infoTransfer implementation ac105f5
Fix protects underlaying block device from out-of-bound read/writes
update USBMSD::memoryRead implementation 89e67d3
Fix protects underlaying block device from out-of-bound reads
update USBMSD::memoryWrite implementation 1ffb4d7
Fix prevents unaligned USB transfers
Impact of changes
Migration actions required
Documentation
Pull request type
Test results
Reviewers
@c1728p9 @bulislaw @donatieng @jamesbeyond