Re: [PATCH v2 1/2] HID: u2fzero: explicitly check for errors
From: Alan Stern <stern@rowland.harvard.edu>
Date: 2021-10-18 14:15:46
Also in:
linux-input, stable
On Mon, Oct 18, 2021 at 02:21:43PM +0200, Andrej Shadura wrote:
quoted hunk ↗ jump to hunk
The previous commit fixed handling of incomplete packets but broke error handling: offsetof returns an unsigned value (size_t), but when compared against the signed return value, the return value is interpreted as if it were unsigned, so negative return values are never less than the offset. Fixes: 22d65765f211 ("HID: u2fzero: ignore incomplete packets without data") Fixes: 42337b9d4d95 ("HID: add driver for U2F Zero built-in LED and RNG") Signed-off-by: Andrej Shadura <redacted> --- drivers/hid/hid-u2fzero.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)diff --git a/drivers/hid/hid-u2fzero.c b/drivers/hid/hid-u2fzero.c index d70cd3d7f583..5145d758bea0 100644 --- a/drivers/hid/hid-u2fzero.c +++ b/drivers/hid/hid-u2fzero.c@@ -200,7 +200,7 @@ static int u2fzero_rng_read(struct hwrng *rng, void *data, ret = u2fzero_recv(dev, &req, &resp); /* ignore errors or packets without data */ - if (ret < offsetof(struct u2f_hid_msg, init.data)) + if (ret < 0 || ret < offsetof(struct u2f_hid_msg, init.data))
Although the patch description does a good job of explaining what's happening, someone merely reading the code will most likely not understand. One alternative is to add a comment. Another is simply to force a signed integer comparison: if (ret < (ssize_t) offsetof(... Alan Stern