Skip to content

USBMSD security updates #12693

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Mar 27, 2020
Merged

USBMSD security updates #12693

merged 3 commits into from
Mar 27, 2020

Conversation

maciejbocianski
Copy link
Contributor

@maciejbocianski maciejbocianski commented Mar 24, 2020
edited
Loading

Summary of changes

Couple of USB MSD fixes improving security:

update USBMSD::infoTransfer implementation ac105f5
Fix protects underlaying block device from out-of-bound read/writes

  • prevents the host from setting block device addres larger then block device size
  • prevents the host from setting wrong read/write lenght

update USBMSD::memoryRead implementation 89e67d3
Fix protects underlaying block device from out-of-bound reads

update USBMSD::memoryWrite implementation 1ffb4d7
Fix prevents unaligned USB transfers

Impact of changes

Migration actions required

Documentation

Pull request type 

[X] Patch update (Bug fix / Target update / Docs update / Test update / Refactor)
[] Feature update (New feature / Functionality change / New API)
[] Major update (Breaking change E.g. Return code change / API behaviour change)

Test results 

[] No Tests required for this change (E.g docs only update)
[X] Covered by existing mbed-os tests (Greentea or Unittest)
[] Tests / results supplied as part of this PR

Reviewers

@c1728p9 @bulislaw @donatieng @jamesbeyond

@maciejbocianski
update USBMSD::infoTransfer implementation
ac105f5 
Fix protects underlaying block device from out-of-bound read/writes
 - prevents the host from setting block device addres larger then block device size
 - prevents the host from setting wrong read/write lenght
@maciejbocianski
update USBMSD::memoryRead implementation
89e67d3 
Fix protects underlaying block device from out-of-bound reads
@maciejbocianski
update USBMSD::memoryWrite implementation
1ffb4d7 
Fix prevents unaligned USB transfers
@ciarmcom ciarmcom requested review from bulislaw, c1728p9, donatieng, jamesbeyond and a team March 24, 2020 22:00
@ciarmcom
Copy link
Member

@maciejbocianski, thank you for your changes.
@donatieng @c1728p9 @jamesbeyond @bulislaw @ARMmbed/mbed-os-core @ARMmbed/mbed-os-maintainers please review.

@adbridge
Copy link
Contributor

@maciejbocianski please explain what each fix is and why it is required in the header

@mergify mergify bot added needs: CI and removed needs: review labels Mar 26, 2020
@0xc0170
Copy link
Contributor

0xc0170 commented Mar 26, 2020

CI started

jamesbeyond
jamesbeyond approved these changes Mar 26, 2020
View reviewed changes
Copy link
Contributor

@jamesbeyond jamesbeyond left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well done! Thanks alot for the contribution

@mbed-ci
Copy link

mbed-ci commented Mar 26, 2020

Test run: SUCCESS

Summary: 6 of 6 test jobs passed
Build number : 1
Build artifacts

@adbridge adbridge merged commit 292a1b9 into ARMmbed:master Mar 27, 2020
@mergify
Copy link

mergify bot commented Mar 27, 2020

This PR does not contain release version label after merging.

@mergify mergify bot added the release version missing When PR does not contain release version, bot should label it and we fix it afterwards label Mar 27, 2020
@bulislaw
Copy link
Member

We need to back port this fix on 5.15 LTS @0xc0170

@0xc0170
Copy link
Contributor

0xc0170 commented Mar 31, 2020

@Mergifyio backport mbed-os-5.15

@0xc0170 0xc0170 removed the release version missing When PR does not contain release version, bot should label it and we fix it afterwards label Mar 31, 2020
@mergify mergify bot mentioned this pull request Mar 31, 2020
Merged
@mergify
Copy link

mergify bot commented Mar 31, 2020

Command backport mbed-os-5.15: success

Backports have been created

@bulislaw
Copy link
Member

Magic! 😮

0xc0170 added a commit that referenced this pull request Apr 7, 2020
@0xc0170
Merge pull request #12727 from ARMmbed/mergify/bp/mbed-os-5.15/pr-12693
41e1c2d 
USBMSD security updates (bp #12693)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adbridge adbridge adbridge approved these changes

@jamesbeyond jamesbeyond jamesbeyond approved these changes

@bulislaw bulislaw Awaiting requested review from bulislaw

@c1728p9 c1728p9 Awaiting requested review from c1728p9

@donatieng donatieng Awaiting requested review from donatieng

Assignees
No one assigned
Labels
release-version: 6.0.0-beta-1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@maciejbocianski @ciarmcom @adbridge @0xc0170 @mbed-ci @bulislaw @jamesbeyond