linux/drivers/usb/serial/safe_serial.c at 4e4f00a9b51a1c52ebdd728a1caeb3b9fe48c39d

mirror of https://github.com/raspberrypi/linux.git synced 2025-12-11 20:39:55 +00:00

Files

Johan Hovold 8c76d7cd52 USB: serial: safe_serial: fix information leak in completion handler

Add missing sanity check to the bulk-in completion handler to avoid an
integer underflow that could be triggered by a malicious device.

This avoids leaking up to 56 bytes from after the URB transfer buffer to
user space.

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>

2017-03-08 16:14:42 +01:00

9.9 KiB

Raw Blame History

View Raw

9.9 KiB Raw Blame History

9.9 KiB

Raw Blame History