git.baikalelectronics.ru Git - kernel.git/commit

author	Bjørn Mork <bjorn@mork.no>
	Fri, 2 May 2014 21:27:00 +0000 (23:27 +0200)
committer	David S. Miller <davem@davemloft.net>
	Mon, 5 May 2014 19:19:31 +0000 (15:19 -0400)
commit	ed2d2300ad6f1704e354223ce8c3e5e731ea4bdb
tree	cba3b2ee49afcb899343f01c4de77bf020176e69	tree \| snapshot
parent	1fc048136849cccd47f2affa3b5c136a8de75781	commit \| diff

net: cdc_ncm: fix buffer overflow

Commit cca71be1bbc1 ("net: cdc_ncm: no point in filling up the NTBs
if we send ZLPs") changed the padding logic for devices with the ZLP
flag set. This meant that frames of any size will be sent without
additional padding, except for the single byte added if the size is
a multiple of the USB packet size. But if the unpadded size is
identical to the maximum frame size, and the maximum size is a
multiplum of the USB packet size, then this one-byte padding will
overflow the buffer.

Prevent padding if already at maximum frame size, letting usbnet
transmit a ZLP instead in this case.

Fixes: cca71be1bbc1 ("net: cdc_ncm: no point in filling up the NTBs if we send ZLPs")
Reported by: Yu-an Shih <yshih@nvidia.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>