USB: validate wMaxPacketValue entries in endpoint descriptors - xavi/android_kernel_m2note - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Alan Stern <stern@rowland.harvard.edu>	2016-08-01 15:25:56 -0400
committer	Mister Oyster <oysterized@gmail.com>	2017-04-11 10:58:02 +0200
commit	9a65d384b82b5491d52cefbff1b985b83e99a170 (patch)
tree	abb4c1b3e0b533ecd2dc25cfe5c22a75f0a96631 /kernel/debug
parent	5fe550ee4b3cc59658a5c7ce16a3c3dceea95db7 (diff)

USB: validate wMaxPacketValue entries in endpoint descriptors

commit aed9d65ac3278d4febd8665bd7db59ef53e825fe upstream. Erroneous or malicious endpoint descriptors may have non-zero bits in reserved positions, or out-of-bounds values. This patch helps prevent these from causing problems by bounds-checking the wMaxPacketValue entries in endpoint descriptors and capping the values at the maximum allowed. This issue was first discovered and tests were conducted by Jake Lamberson <jake.lamberson1@gmail.com>, an intern working for Rosie Hall. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Reported-by: roswest <roswest@cisco.com> Tested-by: roswest <roswest@cisco.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> [wt: adjusted to 3.10 -- no USB_SPEED_SUPER_PLUS] Signed-off-by: Willy Tarreau <w@1wt.eu>

Diffstat (limited to 'kernel/debug')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: