usb: gadget: configfs: Fix OOB read on empty string write
commit 3014168731b7930300aab656085af784edc861f6 upstream. When writing an empty string to either 'qw_sign' or 'landingPage' sysfs attributes, the store functions attempt to access page[l - 1] before validating that the length 'l' is greater than zero. This patch fixes the vulnerability by adding a check at the beginning of os_desc_qw_sign_store() and webusb_landingPage_store() to handle the zero-length input case gracefully by returning immediately. Signed-off-by:Xinyu Liu <katieeliu@tencent.com> Cc: stable <stable@kernel.org> Link: https://lore.kernel.org/r/tencent_B1C9481688D0E95E7362AB2E999DE8048207@qq.com Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Loading
Please register or sign in to comment