]> www.infradead.org Git - users/jedix/linux-maple.git/commit
projects / users / jedix / linux-maple.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 60e70ec) | patch
USB: core: harden cdc_parse_cdc_header
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 21 Sep 2017 14:58:48 +0000 (16:58 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 21 Sep 2017 15:01:38 +0000 (17:01 +0200)
commit2e1c42391ff2556387b3cb6308b24f6f65619feb
treede17bf75f6f81fb1d2d14748ede49e7d3f3c2f88tree
parent60e70ecd7ae0f09ed07699517071eacb01c26d13commit | diff
USB: core: harden cdc_parse_cdc_header

Andrey Konovalov reported a possible out-of-bounds problem for the
cdc_parse_cdc_header function.  He writes:
It looks like cdc_parse_cdc_header() doesn't validate buflen
before accessing buffer[1], buffer[2] and so on. The only check
present is while (buflen > 0).

So fix this issue up by properly validating the buffer length matches
what the descriptor says it is.

Reported-by: Andrey Konovalov <andreyknvl@google.com>
Tested-by: Andrey Konovalov <andreyknvl@google.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/usb/core/message.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.