Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 767f7a2cf33a135fe3f57010b51c3f6e92d7677d
commit767f7a2cf33a135fe3f57010b51c3f6e92d7677d[log] [tgz]
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>Thu Sep 21 16:58:48 2017 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Thu Oct 12 11:51:17 2017 +0200
tree98a847a5c5fb9f8eb41923b8caf6fd27c9a5284f
parentd77606e93d819ad4b8f57511ff61a629ced49750 [diff]
USB: core: harden cdc_parse_cdc_header

commit 2e1c42391ff2556387b3cb6308b24f6f65619feb upstream.

Andrey Konovalov reported a possible out-of-bounds problem for the
cdc_parse_cdc_header function.  He writes:
	It looks like cdc_parse_cdc_header() doesn't validate buflen
	before accessing buffer[1], buffer[2] and so on. The only check
	present is while (buflen > 0).

So fix this issue up by properly validating the buffer length matches
what the descriptor says it is.

Reported-by: Andrey Konovalov <andreyknvl@google.com>
Tested-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed
tree: 98a847a5c5fb9f8eb41923b8caf6fd27c9a5284f
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README
  35. REPORTING-BUGS