bybrooklyn/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-05-14 13:43:20 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
cdcfd13a66eb53fd96dc480de79c423aa0de9d39
linux/drivers/usb/core
History
Alan Stern 4c5ae6a301 USB: core: prevent malicious bNumInterfaces overflow 
commit 48a4ff1c7b upstream.

A malicious USB device with crafted descriptors can cause the kernel
to access unallocated memory by setting the bNumInterfaces value too
high in a configuration descriptor.  Although the value is adjusted
during parsing, this adjustment is skipped in one of the error return
paths.

This patch prevents the problem by setting bNumInterfaces to 0
initially.  The existing code already sets it to the proper value
after parsing is complete.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-20 10:10:18 +01:00
..
buffer.c
usb: separate out sysdev pointer from usb_bus
2017-03-23 08:20:21 +01:00
config.c
USB: core: prevent malicious bNumInterfaces overflow
2017-12-20 10:10:18 +01:00
devices.c
usb: fix some references for /proc/bus/usb
2017-04-18 16:54:19 +02:00
devio.c
USB: usbfs: Filter flags passed in from user space
2017-12-10 13:40:44 +01:00
driver.c
usb: hub: Do not attempt to autosuspend disconnected devices
2017-03-23 08:13:22 +01:00
endpoint.c
Merge tag 'usb-for-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb into usb-next
2016-11-18 16:02:15 +01:00
file.c
USB: Proper handling of Race Condition when two USB class drivers try to call init_usb_class simultaneously
2017-03-29 11:55:25 +02:00
generic.c
USB: core: add missing license information to some files
2016-10-29 12:51:56 -04:00
hcd-pci.c
USB / PCI / PM: Allow the PCI core to do the resume cleanup
2017-06-15 00:55:43 +02:00
hcd.c
Merge 4.13-rc5 into usb-next
2017-08-14 14:50:58 -07:00
hub.c
usb: hub: Cycle HUB power when initialization fails
2017-12-10 13:40:44 +01:00
hub.h
usb: Support USB 3.1 extended port status request
2016-01-24 20:16:52 -08:00
Kconfig
docs-rst: fix usb cross-references
2017-04-11 14:41:29 -06:00
ledtrig-usbport.c
usb: core: usbport: fix "BUG: key not in .data" when lockdep is enabled
2017-08-29 08:27:25 +02:00
Makefile
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
message.c
USB: core: harden cdc_parse_cdc_header
2017-09-21 17:01:38 +02:00
notify.c
USB: core: add missing license information to some files
2016-10-29 12:51:56 -04:00
of.c
USB: of: document reference taken by child-lookup helper
2017-06-13 11:07:32 +02:00
otg_whitelist.h
usb: core: use IS_ENABLED() instead of checking for built-in or module
2016-09-02 14:36:33 +02:00
port.c
Revert "USB / PM: Allow USB devices to remain runtime-suspended when sleeping"
2016-05-02 08:44:31 -07:00
quirks.c
usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub
2017-12-10 13:40:37 +01:00
sysfs.c
usb: Convert to using %pOF instead of full_name
2017-07-22 15:56:53 +02:00
urb.c
USB: core: replace %p with %pK
2017-05-17 11:27:41 +02:00
usb-acpi.c
usb: optimize acpi companion search for usb port devices
2017-06-03 18:02:58 +09:00
usb.c
USB: of: fix root-hub device-tree node handling
2017-06-13 11:07:32 +02:00
usb.h
USB: core: add missing license information to some files
2016-10-29 12:51:56 -04:00