Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 808b3542 authored by Greg Kroah-Hartman's avatar Greg Kroah-Hartman Committed by Ajay Agarwal
Browse files

USB: core: harden cdc_parse_cdc_header 



Andrey Konovalov reported a possible out-of-bounds problem for the
cdc_parse_cdc_header function.  He writes:
	It looks like cdc_parse_cdc_header() doesn't validate buflen
	before accessing buffer[1], buffer[2] and so on. The only check
	present is while (buflen > 0).

So fix this issue up by properly validating the buffer length matches
what the descriptor says it is.

Change-Id: I9c65dc98778aa357911e554c8d28deef2bf9a5b3
Reported-by: default avatarAndrey Konovalov <andreyknvl@google.com>
Tested-by: default avatarAndrey Konovalov <andreyknvl@google.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Git-commit: 2e1c42391ff2556387b3cb6308b24f6f65619feb
Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git


Signed-off-by: default avatarSrinivasa Rao Kuppala <srkupp@codeaurora.org>
parent ed11739b
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment