Please sign in to comment.
USB: core: harden cdc_parse_cdc_header
Andrey Konovalov reported a possible out-of-bounds problem for the cdc_parse_cdc_header function. He writes: It looks like cdc_parse_cdc_header() doesn't validate buflen before accessing buffer, buffer and so on. The only check present is while (buflen > 0). So fix this issue up by properly validating the buffer length matches what the descriptor says it is. Reported-by: Andrey Konovalov <email@example.com> Tested-by: Andrey Konovalov <firstname.lastname@example.org> Cc: stable <email@example.com> Signed-off-by: Greg Kroah-Hartman <firstname.lastname@example.org>
- Loading branch information...