]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 052a405) | patch
USB: validate wMaxPacketValue entries in endpoint descriptors
authorAlan Stern <stern@rowland.harvard.edu>
Mon, 1 Aug 2016 19:25:56 +0000 (15:25 -0400)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 9 Aug 2016 14:14:18 +0000 (16:14 +0200)
commit02c63fa3313bfa8a41a99bcadc3f04d1e4feaa3d
treef9a3decc5f7b42dc3b12e34b3fac1c20c3cbe713tree | snapshot
parent052a4052c3787da2ec9f83b18f87bd8462eb6e67commit | diff
USB: validate wMaxPacketValue entries in endpoint descriptors

Erroneous or malicious endpoint descriptors may have non-zero bits in
reserved positions, or out-of-bounds values.  This patch helps prevent
these from causing problems by bounds-checking the wMaxPacketValue
entries in endpoint descriptors and capping the values at the maximum
allowed.

This issue was first discovered and tests were conducted by Jake Lamberson
<jake.lamberson1@gmail.com>, an intern working for Rosie Hall.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-by: roswest <roswest@cisco.com>
Tested-by: roswest <roswest@cisco.com>
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/usb/core/config.c diff | blob | history
Linux Kernel Source Tree.