chore: cherry-pick 1 changes from Release-0-M119 #40436

Merged
merged 2 commits into from Nov 2, 2023

@ppontes ppontes commented Nov 2, 2023

electron/security#422 - 80106e31c7ea from chromium [M-118] usb: Validate isochronous transfer packet lengths

USBDevice.isochronousTransferIn and
USBDevice.isochronousTransferOut take a parameter containing
a list of packet lengths. This CL adds validation that the
total packet length does not exceed the maximum buffer size.
For isochronousTransferOut, it also checks that the total
length of all packets in bytes is equal to the size of the
data buffer.

Passing invalid packet lengths causes the promise to be
rejected with a DataError.

(cherry picked from commit bb36f739e7e0a3722beeb2744744195c22fd6143)

Bug: 1492381, 1492384
Change-Id: Id9ae16c7e6f1c417e0fc4f21d53e9de11560b2b7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4944690
Reviewed-by: Reilly Grant <reillyg@chromium.org>
Commit-Queue: Matt Reynolds <mattreynolds@chromium.org>
Cr-Original-Commit-Position: refs/heads/main@{#1212916}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4974416
Commit-Queue: Reilly Grant <reillyg@chromium.org>
Auto-Submit: Matt Reynolds <mattreynolds@chromium.org>
Cr-Commit-Position: refs/branch-heads/5993@{#1425}
Cr-Branched-From: 511350718e646be62331ae9d7213d10ec320d514-refs/heads/main@{#1192594}

Notes:

@ppontes ppontes requested a review from a team as a code owner November 2, 2023 18:11
@ppontes ppontes added security 🔒 semver/patch backwards-compatible bug fixes backport-check-skip Skip trop's backport validity checking 26-x-y labels Nov 2, 2023
@jkleinsc jkleinsc merged commit 3daa401 into 26-x-y Nov 2, 2023
13 checks passed
@jkleinsc jkleinsc deleted the cherry-pick/security/26-x-y/release-0-m119 branch November 2, 2023 21:10

release-clerk bot commented Nov 2, 2023

Release Notes Persisted

  • Security: backported fix for CVE-2023-5849.
  • Security: backported fix for CVE-2023-5482.
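
The two packet-length checks described in the cherry-picked commit message above, written out as an added example (this is not Chromium's or Electron's code). The function names, the `PacketCheck` enum and the `kMaxBufferSize` value are assumptions for illustration; comparing each length against the remaining headroom, so the running sum cannot wrap, goes beyond what the commit message states.

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>
#include <vector>

// Assumed limit for this example; the page does not state the real value.
constexpr uint32_t kMaxBufferSize = 32u * 1024u * 1024u;

// Both failure results correspond to the DataError rejection in the commit.
enum class PacketCheck { kOk, kTotalTooLarge, kSizeMismatch };

// Sums the packet lengths, giving up as soon as the running total would pass
// `limit`. Each length is compared with the remaining headroom, so no
// intermediate sum can wrap (total <= limit holds on every iteration).
std::optional<uint32_t> TotalPacketLength(const std::vector<uint32_t>& lengths,
                                          uint32_t limit) {
  uint32_t total = 0;
  for (uint32_t len : lengths) {
    if (len > limit - total) return std::nullopt;
    total += len;
  }
  return total;
}

// isochronousTransferIn: the total must fit in the maximum buffer size.
PacketCheck ValidateIsochronousIn(const std::vector<uint32_t>& lengths) {
  return TotalPacketLength(lengths, kMaxBufferSize).has_value()
             ? PacketCheck::kOk
             : PacketCheck::kTotalTooLarge;
}

// isochronousTransferOut: the total must also equal the data buffer size.
PacketCheck ValidateIsochronousOut(const std::vector<uint32_t>& lengths,
                                   std::size_t data_size) {
  const auto total = TotalPacketLength(lengths, kMaxBufferSize);
  if (!total) return PacketCheck::kTotalTooLarge;
  if (*total != data_size) return PacketCheck::kSizeMismatch;
  return PacketCheck::kOk;
}
```

A naive 32-bit sum of the lengths `{0xFFFFFFFF, 2}` wraps to 1 and would pass a plain `total <= max` comparison; the headroom check rejects it on the first element.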
