]> www.infradead.org Git - users/jedix/linux-maple.git/commitdiff
projects / users / jedix / linux-maple.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b45b914)
net: cdc_ether: fix divide by 0 on bad descriptors
authorBjørn Mork <bjorn@mork.no>
Mon, 6 Nov 2017 14:37:22 +0000 (15:37 +0100)
committerJack Vogel <jack.vogel@oracle.com>
Wed, 11 Apr 2018 06:06:57 +0000 (23:06 -0700)
Orabug: 27841392
CVE: CVE-2017-16649

Setting dev->hard_mtu to 0 will cause a divide error in
usbnet_probe. Protect against devices with bogus CDC Ethernet
functional descriptors by ignoring a zero wMaxSegmentSize.

Signed-off-by: Bjørn Mork <bjorn@mork.no>
Acked-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Brian Maly <brian.maly@oracle.com>
Conflicts:
drivers/net/usb/cdc_ether.c
whitespace correction

Reviewed-by: Jack Vogel <jack.vogel@oracle.com>
drivers/net/usb/cdc_ether.c patch | blob | history

diff --git a/drivers/net/usb/cdc_ether.c b/drivers/net/usb/cdc_ether.c
index 4545e78840b0d9dc80ae4392b36cfcf588f17c3a..b61c5995c9d46877240635709a2a66f024f366b3 100644 (file)
--- a/drivers/net/usb/cdc_ether.c
+++ b/drivers/net/usb/cdc_ether.c
@@ -260,7 +260,8 @@ int usbnet_generic_cdc_bind(struct usbnet *dev, struct usb_interface *intf)
                                goto bad_desc;
                        }
                        info->ether = (void *) buf;
-                       if (info->ether->bLength != sizeof(*info->ether)) {
+                       if (info->ether->bLength != sizeof(*info->ether) &&
+                           info->ether->wMaxSegmentSize) {
                                dev_dbg(&intf->dev, "CDC ether len %u\n",
                                        info->ether->bLength);
                                goto bad_desc;
Unnamed repository; edit this file 'description' to name the repository.