]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 71250ee) | patch
USB: core: prevent malicious bNumInterfaces overflow
authorAlan Stern <stern@rowland.harvard.edu>
Tue, 12 Dec 2017 19:25:13 +0000 (14:25 -0500)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 13 Dec 2017 11:28:43 +0000 (12:28 +0100)
commitc241a66c5b4bdbf51a3064e9be2449b072a81848
tree4cb8b7afc26ba9e3ad44425f393baa08715c4852tree | snapshot
parent71250ee5e288e0a6374466052600bfc7d58b78cccommit | diff
USB: core: prevent malicious bNumInterfaces overflow

A malicious USB device with crafted descriptors can cause the kernel
to access unallocated memory by setting the bNumInterfaces value too
high in a configuration descriptor.  Although the value is adjusted
during parsing, this adjustment is skipped in one of the error return
paths.

This patch prevents the problem by setting bNumInterfaces to 0
initially.  The existing code already sets it to the proper value
after parsing is complete.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-by: Andrey Konovalov <andreyknvl@google.com>
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/usb/core/config.c diff | blob | history
Linux Kernel Source Tree.