Commit 79067df9 authored by Johan Hovold's avatar Johan Hovold Committed by Zheng Zengkai
Browse files

comedi: vmk80xx: fix bulk-buffer overflow 

stable inclusion
from stable-5.10.79
commit b7fd7f3387f070215e6be341e68eb5c087eeecc0
bugzilla: 185793 https://gitee.com/openeuler/kernel/issues/I4K65C

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b7fd7f3387f070215e6be341e68eb5c087eeecc0



--------------------------------

commit 78cdfd62 upstream.

The driver is using endpoint-sized buffers but must not assume that the
tx and rx buffers are of equal size or a malicious device could overflow
the slab-allocated receive buffer when doing bulk transfers.

Fixes: 985cafcc ("Staging: Comedi: vmk80xx: Add k8061 support")
Cc: stable@vger.kernel.org      # 2.6.31
Signed-off-by: default avatarJohan Hovold <johan@kernel.org>
Reviewed-by: default avatarIan Abbott <abbotti@mev.co.uk>
Link: https://lore.kernel.org/r/20211025114532.4599-5-johan@kernel.org


Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarChen Jun <chenjun102@huawei.com>
Acked-by: default avatarWeilong Chen <chenweilong@huawei.com>

Signed-off-by: default avatarBin Li <huawei.libin@huawei.com>
Signed-off-by: default avatarZheng Zengkai <zhengzengkai@huawei.com>
parent 87b35b57
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment