Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / mainline / linux / 654b404f2a222f918af9b0cd18ad469d0c941a8e
commit654b404f2a222f918af9b0cd18ad469d0c941a8e[log] [tgz]
authorJohan Hovold <johan@kernel.org>Mon Mar 06 17:36:40 2017 +0100
committerJohan Hovold <johan@kernel.org>Wed Mar 08 16:14:39 2017 +0100
treeb7e70ce55058ed9d8e8581e152457e3a42b22b5b
parent367ec1706745912702c187722065285cd4d2aee7 [diff]
USB: serial: io_ti: fix information leak in completion handler

Add missing sanity check to the bulk-in completion handler to avoid an
integer underflow that can be triggered by a malicious device.

This avoids leaking 128 kB of memory content from after the URB transfer
buffer to user space.

Fixes: 8c209e6782ca ("USB: make actual_length in struct urb field u32")
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable <stable@vger.kernel.org>	# 2.6.30
Signed-off-by: Johan Hovold <johan@kernel.org>
1 file changed
tree: b7e70ce55058ed9d8e8581e152457e3a42b22b5b
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README