diff options
| author | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2017-09-21 16:58:48 +0200 | 
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2017-09-21 17:01:38 +0200 | 
| commit | 2e1c42391ff2556387b3cb6308b24f6f65619feb (patch) | |
| tree | de17bf75f6f81fb1d2d14748ede49e7d3f3c2f88 /tools/perf/scripts/python/export-to-sqlite.py | |
| parent | 60e70ecd7ae0f09ed07699517071eacb01c26d13 (diff) | |
USB: core: harden cdc_parse_cdc_header
Andrey Konovalov reported a possible out-of-bounds problem for the
cdc_parse_cdc_header function.  He writes:
	It looks like cdc_parse_cdc_header() doesn't validate buflen
	before accessing buffer[1], buffer[2] and so on. The only check
	present is while (buflen > 0).
So fix this issue up by properly validating the buffer length matches
what the descriptor says it is.
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Tested-by: Andrey Konovalov <andreyknvl@google.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'tools/perf/scripts/python/export-to-sqlite.py')
0 files changed, 0 insertions, 0 deletions
