exynos-linux-stable/drivers/usb/core
Alan Stern 99542e468b USB: core: prevent malicious bNumInterfaces overflow
commit 48a4ff1c7bb5a32d2e396b03132d20d552c0eca7 upstream.

A malicious USB device with crafted descriptors can cause the kernel
to access unallocated memory by setting the bNumInterfaces value too
high in a configuration descriptor.  Although the value is adjusted
during parsing, this adjustment is skipped in one of the error return
paths.

This patch prevents the problem by setting bNumInterfaces to 0
initially.  The existing code already sets it to the proper value
after parsing is complete.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-20 10:07:16 +01:00
buffer.c usb: core: buffer: avoid NULL pointer dereferrence 2016-04-28 12:35:36 -07:00
config.c USB: core: prevent malicious bNumInterfaces overflow 2017-12-20 10:07:16 +01:00
devices.c usb: core: rename mutex usb_bus_list_lock to usb_bus_idr_lock 2016-02-06 21:55:57 -08:00
devio.c USB: usbfs: Filter flags passed in from user space 2017-12-09 22:01:57 +01:00
driver.c usb: hub: Do not attempt to autosuspend disconnected devices 2017-05-20 14:28:36 +02:00
endpoint.c usb: endpoint: convert spaces to tabs 2015-08-14 16:50:36 -07:00
file.c USB: Proper handling of Race Condition when two USB class drivers try to call init_usb_class simultaneously 2017-05-20 14:28:34 +02:00
generic.c staging: usbip: convert usbip-host driver to usb_device_driver 2014-02-07 10:54:30 -08:00
hcd-pci.c usb: hcd: out of bounds access in for_each_companion 2016-04-13 12:06:18 -07:00
hcd.c usb: hcd: initialize hcd->flags to 0 when rm hcd 2017-11-15 15:53:15 +01:00
hub.c usb: hub: Cycle HUB power when initialization fails 2017-12-09 22:01:56 +01:00
hub.h usb: Support USB 3.1 extended port status request 2016-01-24 20:16:52 -08:00
Kconfig usb: core: Introduce a USB port LED trigger 2016-09-27 12:20:17 +02:00
ledtrig-usbport.c usb: core: usbport: Use proper LED API to fix potential crash 2017-01-06 10:40:11 +01:00
Makefile usb: core: Introduce a USB port LED trigger 2016-09-27 12:20:17 +02:00
message.c USB: core: harden cdc_parse_cdc_header 2017-10-12 11:51:17 +02:00
notify.c usb: Add export.h for EXPORT_SYMBOL/THIS_MODULE where needed 2011-10-31 19:31:25 -04:00
of.c usb: core: of.c: fix defined but not declare warning 2016-08-09 16:16:13 +02:00
otg_whitelist.h usb: core: use IS_ENABLED() instead of checking for built-in or module 2016-09-02 14:36:33 +02:00
port.c Revert "USB / PM: Allow USB devices to remain runtime-suspended when sleeping" 2016-05-02 08:44:31 -07:00
quirks.c usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub 2017-12-09 22:01:47 +01:00
sysfs.c usb: no locking for reading descriptors in sysfs 2016-02-03 13:29:12 -08:00
urb.c USB: core: replace %p with %pK 2017-05-25 15:44:30 +02:00
usb-acpi.c usb: optimize acpi companion search for usb port devices 2017-08-24 17:12:21 -07:00
usb.c USB: core: fix device node leak 2017-07-12 15:01:03 +02:00
usb.h usb: define USB_SPEED_SUPER_PLUS speed for SuperSpeedPlus USB3.1 devices 2016-01-24 20:16:52 -08:00