Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 489ce642 authored by Arumuga Durai A's avatar Arumuga Durai A
Browse files

USB: gadget: mbim: Avoid copying uninitialized data to userspace 



A race condition bug in function 'mbim_bind_config' allows to
change 'mbim->xport' type to invalid value. This allows
mbim_ioctl() to copy the uninitialized data to userspace. Fix
this by avoiding copy_to_user() call when transport type is invalid.

Change-Id: If8e8b6d4e2c347e1aff529bed0a798128eaea07c
CRs-Fixed: 1102418
Signed-off-by: default avatarArumuga Durai A <cadurai@codeaurora.org>
parent a6d83d2e
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment