projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 367ec17) | patch
USB: serial: io_ti: fix information leak in completion handler
authorJohan Hovold <johan@kernel.org>
Mon, 6 Mar 2017 16:36:40 +0000 (17:36 +0100)
committerJohan Hovold <johan@kernel.org>
Wed, 8 Mar 2017 15:14:39 +0000 (16:14 +0100)
commit654b404f2a222f918af9b0cd18ad469d0c941a8e
treeb7e70ce55058ed9d8e8581e152457e3a42b22b5btree | snapshot (tar.gz zip)
parent367ec1706745912702c187722065285cd4d2aee7commit | diff
USB: serial: io_ti: fix information leak in completion handler

Add missing sanity check to the bulk-in completion handler to avoid an
integer underflow that can be triggered by a malicious device.

This avoids leaking 128 kB of memory content from after the URB transfer
buffer to user space.

Fixes: 8c209e6782ca ("USB: make actual_length in struct urb field u32")
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable <stable@vger.kernel.org> # 2.6.30
Signed-off-by: Johan Hovold <johan@kernel.org>
drivers/usb/serial/io_ti.c diff | blob | blame | history