
USBMSD security updates (bp #12693) #12727


Merged
merged 3 commits into from
Apr 7, 2020

@mergify mergify bot commented Mar 31, 2020

Summary of changes

Backport: Couple of USB MSD fixes improving security:

update USBMSD::infoTransfer implementation ac105f5
Fix protects underlying block device from out-of-bound read/writes

  • prevents the host from setting block device address larger than block device size
  • prevents the host from setting wrong read/write length

update USBMSD::memoryRead implementation 89e67d3
Fix protects underlying block device from out-of-bound reads

update USBMSD::memoryWrite implementation 1ffb4d7
Fix prevents unaligned USB transfers

Impact of changes

Migration actions required

Documentation


Pull request type

[X] Patch update (Bug fix / Target update / Docs update / Test update / Refactor)
[] Feature update (New feature / Functionality change / New API)
[] Major update (Breaking change E.g. Return code change / API behaviour change)

Test results

[] No Tests required for this change (E.g docs only update)
[X] Covered by existing mbed-os tests (Greentea or Unittest)
[] Tests / results supplied as part of this PR

Reviewers


Fix protects underlying block device from out-of-bound read/writes
 - prevents the host from setting block device address larger than block device size
 - prevents the host from setting wrong read/write length

(cherry picked from commit ac105f5)
Fix protects underlying block device from out-of-bound reads

(cherry picked from commit 89e67d3)
Fix prevents unaligned USB transfers

(cherry picked from commit 1ffb4d7)
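
The kind of check the fixes above describe (a host-supplied start block and length validated against the block device size), as an added example that is not part of this pull request or the mbed-os code. All names and the sample request values are hypothetical; it contrasts a 32-bit sum that wraps with a subtraction-based check that cannot.

```cpp
#include <cstdint>

// Hypothetical names throughout; this is not the mbed-os USBMSD code.
enum class Check { Ok, NoData, BadAddress, BadLength };

// Naive form: the 32-bit sum lba + blocks can wrap and pass the comparison.
bool naive_in_range(uint32_t block_count, uint32_t lba, uint32_t blocks)
{
    return static_cast<uint32_t>(lba + blocks) <= block_count;
}

// Hardened form: reject zero-length requests, check the start address first,
// then compare the length against the room left, so no sum is ever formed.
Check check_transfer(uint32_t block_count, uint32_t block_size,
                     uint32_t lba, uint32_t blocks, uint64_t *bytes_out)
{
    if (blocks == 0) {
        return Check::NoData;
    }
    if (lba >= block_count) {
        return Check::BadAddress;   // also makes the subtraction below safe
    }
    if (blocks > block_count - lba) {
        return Check::BadLength;
    }
    // Widen before multiplying so the byte length cannot wrap in 32 bits.
    *bytes_out = static_cast<uint64_t>(blocks) * block_size;
    return Check::Ok;
}

int main()
{
    // Constructed request: start near UINT32_MAX, length chosen to wrap the sum.
    uint64_t bytes = 0;
    bool naive = naive_in_range(1000, 0xFFFFFFF0u, 0x20u);
    Check safe = check_transfer(1000, 512, 0xFFFFFFF0u, 0x20u, &bytes);
    return (naive && safe == Check::BadAddress) ? 0 : 1;
}
```
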
@mergify mergify bot mentioned this pull request Mar 31, 2020
@0xc0170 0xc0170 requested a review from maciejbocianski March 31, 2020 09:29
@ciarmcom ciarmcom requested a review from a team March 31, 2020 11:00
@ciarmcom
Member

@mergify[bot], thank you for your changes.
@ARMmbed/mbed-os-maintainers please review.

@bulislaw
Member

Please include it in next patch release on 5.15 branch.

@0xc0170 0xc0170 requested review from adbridge and bulislaw April 2, 2020 09:01
@mergify mergify bot added needs: CI and removed needs: review labels Apr 2, 2020
@0xc0170
Contributor

0xc0170 commented Apr 2, 2020

CI started


if (!_cbw.DataLength) { // host requests no data
if (!_cbw.DataLength || !length_blocks || (length_blocks > _block_count - addr_block) || (_length > _memory_size - _addr)) { // host requests no data or wrong length
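
Review bot: In the new condition, the comparisons length_blocks > _block_count - addr_block and _length > _memory_size - _addr only reject oversized requests if addr_block <= _block_count and _addr <= _memory_size already hold; if these values are unsigned and the address is larger, the subtraction wraps to a large number and the comparison passes. That address check is not visible on this line, so either confirm it runs before this statement or fold it into the condition. The single trailing comment also now covers zero-length and out-of-range requests together; separating the two cases would make the rejection path easier to follow.
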
Contributor

@adbridge adbridge Apr 2, 2020

Using a '!' logical operator to check for a zero value rather than a Boolean is not the best way of doing things but is used elsewhere so is at least consistent. Missed this in the original review!

@mbed-ci

mbed-ci commented Apr 2, 2020

Test run: FAILED

Summary: 1 of 9 test jobs failed
Build number : 1
Build artifacts

Failed test jobs:

  • jenkins-ci/mbed-os-ci_greentea-test-lts

@0xc0170
Contributor

0xc0170 commented Apr 2, 2020

CI restarted (new CI config)

@mbed-ci

mbed-ci commented Apr 6, 2020

Test run: FAILED

Summary: 1 of 9 test jobs failed
Build number : 2
Build artifacts

Failed test jobs:

  • jenkins-ci/mbed-os-ci_greentea-test-lts

@mbed-ci

mbed-ci commented Apr 7, 2020

Test run: FAILED

Summary: 1 of 10 test jobs failed
Build number : 3
Build artifacts

Failed test jobs:

  • jenkins-ci/mbed-os-ci_greentea-test-lts

@mergify mergify bot added needs: CI and removed needs: CI labels Apr 7, 2020
@mbed-ci

mbed-ci commented Apr 7, 2020

Test run: SUCCESS

Summary: 10 of 10 test jobs passed
Build number : 4
Build artifacts

@mergify mergify bot removed the needs: CI label Apr 7, 2020
@0xc0170 0xc0170 merged commit 41e1c2d into mbed-os-5.15 Apr 7, 2020
@mergify mergify bot removed the ready for merge label Apr 7, 2020
@mergify mergify bot deleted the mergify/bp/mbed-os-5.15/pr-12693 branch April 7, 2020 07:45