usbip: stub_rx: fix static checker warning on unnecessary checks

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Fix the following static checker warnings:

The patch c6688ef9f297: "usbip: fix stub_rx: harden CMD_SUBMIT path
to handle malicious input" from Dec 7, 2017, leads to the following
static checker warning:

drivers/usb/usbip/stub_rx.c:346 get_pipe()
warn: impossible condition
'(pdu->u.cmd_submit.transfer_buffer_length > ((~0 >> 1))) =>
(s32min-s32max > s32max)'
drivers/usb/usbip/stub_rx.c:486 stub_recv_cmd_submit()
warn: always true condition
'(pdu->u.cmd_submit.transfer_buffer_length <= ((~0 >> 1))) =>
(s32min-s32max <= s32max)'

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

authored by

Shuah Khan and committed by

Greg Kroah-Hartman 8 years ago 10c90120 90120d15

+1 -10

1 changed file

expand all

drivers

usb

usbip

stub_rx.c

+1 -10

drivers/usb/usbip/stub_rx.c

··· 339 339 340 340 epd = &ep->desc; 341 341 342 - /* validate transfer_buffer_length */ 343 - if (pdu->u.cmd_submit.transfer_buffer_length > INT_MAX) { 344 - dev_err(&sdev->udev->dev, 345 - "CMD_SUBMIT: -EMSGSIZE transfer_buffer_length %d\n", 346 - pdu->u.cmd_submit.transfer_buffer_length); 347 - return -1; 348 - } 349 - 350 342 if (usb_endpoint_xfer_control(epd)) { 351 343 if (dir == USBIP_DIR_OUT) 352 344 return usb_sndctrlpipe(udev, epnum); ··· 471 479 } 472 480 473 481 /* allocate urb transfer buffer, if needed */ 474 - if (pdu->u.cmd_submit.transfer_buffer_length > 0 && 475 - pdu->u.cmd_submit.transfer_buffer_length <= INT_MAX) { 482 + if (pdu->u.cmd_submit.transfer_buffer_length > 0) { 476 483 priv->urb->transfer_buffer = 477 484 kzalloc(pdu->u.cmd_submit.transfer_buffer_length, 478 485 GFP_KERNEL);