USB: core: harden cdc_parse_cdc_header - kernel/linux.git

diff options

author	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2017-09-21 17:58:48 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2017-09-21 18:01:38 +0300
commit	2e1c42391ff2556387b3cb6308b24f6f65619feb (patch)
tree	de17bf75f6f81fb1d2d14748ede49e7d3f3c2f88 /net/unix/sysctl_net_unix.c
parent	60e70ecd7ae0f09ed07699517071eacb01c26d13 (diff)
download	linux-2e1c42391ff2556387b3cb6308b24f6f65619feb.tar.xz

USB: core: harden cdc_parse_cdc_header

Andrey Konovalov reported a possible out-of-bounds problem for the cdc_parse_cdc_header function. He writes: It looks like cdc_parse_cdc_header() doesn't validate buflen before accessing buffer[1], buffer[2] and so on. The only check present is while (buflen > 0). So fix this issue up by properly validating the buffer length matches what the descriptor says it is. Reported-by: Andrey Konovalov <andreyknvl@google.com> Tested-by: Andrey Konovalov <andreyknvl@google.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'net/unix/sysctl_net_unix.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: