| commit | e749e709caba83d1051072a92a79c07774978ef8 | |
| author | Vincent Pelletier <plr.vincent@gmail.com> | |
| Wed, 18 Jan 2017 00:57:44 +0000 (18 00:57 +0000) | ||
| committer | Sasha Levin <alexander.levin@verizon.com> | |
| Mon, 6 Mar 2017 22:31:11 +0000 (6 17:31 -0500) | ||
| tree | 6fd4f3c2b96cfa5b6c0718b71d1aa9728d7cf3d3 | treesnapshot (tar.gz zip) |
| parent | 2f048d6ae6b2ccde5ecd84d07a3a37f83435dc10 | commitdiff |
usb: gadget: f_fs: Assorted buffer overflow checks.
[ Upstream commit 83e526f2a2fa4b2e82b6bd3ddbb26b70acfa8947 ]
OS descriptor head, when flagged as provided, is accessed without
checking if it fits in provided buffer. Verify length before access.
Also, there are other places where buffer length it checked
after accessing offsets which are potentially past the end. Check
buffer length before as well to fail cleanly.
Signed-off-by: Vincent Pelletier <plr.vincent@gmail.com>
Acked-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
[ Upstream commit 83e526f2a2fa4b2e82b6bd3ddbb26b70acfa8947 ]
OS descriptor head, when flagged as provided, is accessed without
checking if it fits in provided buffer. Verify length before access.
Also, there are other places where buffer length it checked
after accessing offsets which are potentially past the end. Check
buffer length before as well to fail cleanly.
Signed-off-by: Vincent Pelletier <plr.vincent@gmail.com>
Acked-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
| drivers/usb/gadget/function/f_fs.c | diffblobblamehistory |