USBMSD security updates #12693

Merged
merged 3 commits into from
Mar 27, 2020
maciejbocianski
Contributor

@maciejbocianski maciejbocianski commented Mar 24, 2020

Summary of changes

A couple of USB MSD fixes improving security:

update USBMSD::infoTransfer implementation ac105f5
Fix protects underlying block device from out-of-bound read/writes

  • prevents the host from setting block device address larger than block device size
  • prevents the host from setting wrong read/write length

update USBMSD::memoryRead implementation 89e67d3
Fix protects underlying block device from out-of-bound reads

update USBMSD::memoryWrite implementation 1ffb4d7
Fix prevents unaligned USB transfers

Impact of changes

Migration actions required

Documentation


Pull request type

[X] Patch update (Bug fix / Target update / Docs update / Test update / Refactor)
[] Feature update (New feature / Functionality change / New API)
[] Major update (Breaking change E.g. Return code change / API behaviour change)

Test results

[] No Tests required for this change (E.g docs only update)
[X] Covered by existing mbed-os tests (Greentea or Unittest)
[] Tests / results supplied as part of this PR

Reviewers

@c1728p9 @bulislaw @donatieng @jamesbeyond


Fix protects underlying block device from out-of-bound read/writes
 - prevents the host from setting block device address larger than block device size
 - prevents the host from setting wrong read/write length
Fix protects underlying block device from out-of-bound reads
Fix prevents unaligned USB transfers
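The three checks named in the summary above, sketched as an added example; this is not the Mbed OS USBMSD code or the PR's diff. All function and type names are hypothetical, and the standard SCSI READ(10)/WRITE(10) command layout is assumed.

```cpp
#include <cstddef>
#include <cstdint>

// Hypothetical names throughout; illustration only, not the Mbed OS implementation.
enum class XferCheck { Ok, ShortCdb, BadGeometry, LbaOutOfRange, LengthOutOfRange, LengthMismatch };

struct Xfer {
    uint64_t byte_addr; // start offset on the block device
    uint32_t byte_len;  // total bytes the transfer may move
};

// Validate a READ(10)/WRITE(10) command against the device geometry.
// cdb[2..5] = LBA (big-endian), cdb[7..8] = transfer length in blocks.
// host_len is the data length the host declared in the command wrapper.
XferCheck check_rw10(const uint8_t *cdb, size_t cdb_len,
                     uint64_t block_count, uint32_t block_size,
                     uint32_t host_len, Xfer *out)
{
    if (cdb_len < 10) return XferCheck::ShortCdb;
    if (block_size == 0 || block_count == 0) return XferCheck::BadGeometry;

    uint32_t lba = (uint32_t(cdb[2]) << 24) | (uint32_t(cdb[3]) << 16) |
                   (uint32_t(cdb[4]) << 8) | uint32_t(cdb[5]);
    uint32_t blocks = (uint32_t(cdb[7]) << 8) | uint32_t(cdb[8]);

    // Start address must lie inside the device.
    if (lba >= block_count) return XferCheck::LbaOutOfRange;
    // Compare against the remaining blocks; subtracting cannot wrap here,
    // whereas "lba + blocks > block_count" could if done in a narrow type.
    if (blocks > block_count - lba) return XferCheck::LengthOutOfRange;

    // Widen before multiplying so the byte count cannot overflow 32 bits.
    uint64_t bytes = uint64_t(blocks) * block_size;
    // The host-declared length must match the command. Because bytes is a
    // multiple of block_size, a match also guarantees a block-aligned length.
    if (bytes != host_len) return XferCheck::LengthMismatch;

    out->byte_addr = uint64_t(lba) * block_size;
    out->byte_len = host_len;
    return XferCheck::Ok;
}

// Per-packet check during the data phase: 'done' bytes already moved,
// 'chunk' bytes in the packet about to be applied to the device.
bool chunk_in_bounds(const Xfer &x, uint32_t done, uint32_t chunk)
{
    return done <= x.byte_len && chunk <= x.byte_len - done;
}
```

Rejecting at command-parse time and again per packet keeps a host that sends more data than it declared from pushing a read or write past the validated range.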
@ciarmcom ciarmcom requested review from bulislaw, c1728p9, donatieng, jamesbeyond and a team March 24, 2020 22:00
@ciarmcom
Member

@maciejbocianski, thank you for your changes.
@donatieng @c1728p9 @jamesbeyond @bulislaw @ARMmbed/mbed-os-core @ARMmbed/mbed-os-maintainers please review.

@adbridge
Contributor

@maciejbocianski please explain what each fix is and why it is required in the header

@mergify mergify bot added needs: CI and removed needs: review labels Mar 26, 2020
@0xc0170
Contributor

0xc0170 commented Mar 26, 2020

CI started

Contributor

@jamesbeyond jamesbeyond left a comment

Well done! Thanks a lot for the contribution

@mbed-ci

mbed-ci commented Mar 26, 2020

Test run: SUCCESS

Summary: 6 of 6 test jobs passed
Build number : 1
Build artifacts

@mergify

mergify bot commented Mar 27, 2020

This PR does not contain release version label after merging.

@mergify mergify bot added the release version missing When PR does not contain release version, bot should label it and we fix it afterwards label Mar 27, 2020
@bulislaw
Member

We need to back port this fix on 5.15 LTS @0xc0170

@0xc0170
Contributor

0xc0170 commented Mar 31, 2020

@Mergifyio backport mbed-os-5.15

@0xc0170 0xc0170 removed the release version missing When PR does not contain release version, bot should label it and we fix it afterwards label Mar 31, 2020
@mergify

mergify bot commented Mar 31, 2020

Command backport mbed-os-5.15: success

Backports have been created

@bulislaw
Member

Magic! 😮

0xc0170 added a commit that referenced this pull request Apr 7, 2020