projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ca8a761) | patch
USB: gadget: detect too-big endpoint 0 requests
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 9 Dec 2021 17:59:27 +0000 (18:59 +0100)
committerSalvatore Bonaccorso <carnil@debian.org>
Sat, 18 Dec 2021 23:20:10 +0000 (23:20 +0000)
commit590511028987dd445c68a9cc90e8f930a82c4755
tree1d1a019693ff0d8758e1b9fcd8c09aa256fe16aftree | snapshot
parentca8a7618e2f5d20fb4d0394d8f6a166718e44116commit | diff
USB: gadget: detect too-big endpoint 0 requests

Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit?id=36dfdf11af49d3c009c711fb16f5c6e7a274505d
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-39685

commit 153a2d7e3350cc89d406ba2d35be8793a64c2038 upstream.

Sometimes USB hosts can ask for buffers that are too large from endpoint
0, which should not be allowed.  If this happens for OUT requests, stall
the endpoint, but for IN requests, trim the request size to the endpoint
buffer size.

Co-developed-by: Szymon Heidrich <szymon.heidrich@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name USB-gadget-detect-too-big-endpoint-0-requests.patch
drivers/usb/gadget/composite.c diff | blob | history
drivers/usb/gadget/legacy/dbgp.c diff | blob | history
drivers/usb/gadget/legacy/inode.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.