USB: core: prevent malicious bNumInterfaces overflow - kernel

diff options

author	Alan Stern <[email protected]>	2017-12-12 19:25:13 +0000
committer	Greg Kroah-Hartman <[email protected]>	2017-12-13 11:28:43 +0000
commit	48a4ff1c7bb5a32d2e396b03132d20d552c0eca7 (patch)
tree	4cb8b7afc26ba9e3ad44425f393baa08715c4852 /fs/jbd2/commit.c
parent	Revert "USB: core: only clean up what we allocated" (diff)
download	kernel-48a4ff1c7bb5a32d2e396b03132d20d552c0eca7.tar.gz kernel-48a4ff1c7bb5a32d2e396b03132d20d552c0eca7.zip

USB: core: prevent malicious bNumInterfaces overflow

A malicious USB device with crafted descriptors can cause the kernel to access unallocated memory by setting the bNumInterfaces value too high in a configuration descriptor. Although the value is adjusted during parsing, this adjustment is skipped in one of the error return paths. This patch prevents the problem by setting bNumInterfaces to 0 initially. The existing code already sets it to the proper value after parsing is complete. Signed-off-by: Alan Stern <[email protected]> Reported-by: Andrey Konovalov <[email protected]> CC: <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>

Diffstat (limited to 'fs/jbd2/commit.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: