USB: validate wMaxPacketValue entries in endpoint descriptors (aed9d65a) · Commits · Mirrors / github.com / raspberrypi_linux · GitLab

Commit aed9d65a authored Aug 01, 2016 by

Alan Stern Committed by Greg Kroah-Hartman Aug 09, 2016

USB: validate wMaxPacketValue entries in endpoint descriptors



Erroneous or malicious endpoint descriptors may have non-zero bits in
reserved positions, or out-of-bounds values.  This patch helps prevent
these from causing problems by bounds-checking the wMaxPacketValue
entries in endpoint descriptors and capping the values at the maximum
allowed.

This issue was first discovered and tests were conducted by Jake Lamberson
<jake.lamberson1@gmail.com>, an intern working for Rosie Hall.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-by: roswest <roswest@cisco.com>
Tested-by: roswest <roswest@cisco.com>
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 9c6256a5

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit ef284f08
· Dec 18, 2021

mentioned in commit ef284f08

mentioned in commit ef284f086dd07451bef391fc0a7f47a24b3b9e02

Toggle commit list

Please register or to comment