USB: gadget: detect too-big endpoint 0 requests
commit
153a2d7e3350cc89d406ba2d35be8793a64c2038 upstream.
Sometimes USB hosts can ask for buffers that are too large from endpoint
0, which should not be allowed. If this happens for OUT requests, stall
the endpoint, but for IN requests, trim the request size to the endpoint
buffer size.
Mot-CRs-fixed: (CR)
CVE-Fixed: CVE-2021-39685
Bug:
210292376
Change-Id: I31c5a748a697b7ff28456b1caee117c2da3378f2
Co-developed-by: Szymon Heidrich <szymon.heidrich@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Gajjala Chakradhar <gajjalac@motorola.com>
Reviewed-on: https://gerrit.mot.com/
2197705
SME-Granted: SME Approvals Granted
SLTApproved: Slta Waiver
Tested-by: Jira Key
Reviewed-by: Xiangpo Zhao <zhaoxp3@motorola.com>
Submit-Approved: Jira Key
(cherry picked from commit
273f9ad1e901701ea311946408128e9651ed42f3)
projects / GitHub / MotorolaMobilityLLC / kernel-slsi.git / commit