From: Michel Pollet Date: Thu, 10 May 2018 13:09:09 +0000 (+0100) Subject: USB: rndis: Fix for handling garbled messages X-Git-Tag: pci-v4.18-changes-2~32^2~81^2~68 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=1ca532e9916a277b0e87271e6b367a3774808035;p=users%2Fdwmw2%2Flinux.git USB: rndis: Fix for handling garbled messages A message can be forged to crash the stack; here we make sure we don't completely break the system if this occurs Signed-off-by: Michel Pollet Signed-off-by: Felipe Balbi --- diff --git a/drivers/usb/gadget/function/rndis.c b/drivers/usb/gadget/function/rndis.c index 51dd3e90b06ca..04c142c130759 100644 --- a/drivers/usb/gadget/function/rndis.c +++ b/drivers/usb/gadget/function/rndis.c @@ -851,6 +851,9 @@ int rndis_msg_parser(struct rndis_params *params, u8 *buf) */ pr_warn("%s: unknown RNDIS message 0x%08X len %d\n", __func__, MsgType, MsgLength); + /* Garbled message can be huge, so limit what we display */ + if (MsgLength > 16) + MsgLength = 16; print_hex_dump_bytes(__func__, DUMP_PREFIX_OFFSET, buf, MsgLength); break;