sst-linux

History

Jann Horn 8ca7d88413 usb: cdc-acm: Fix handling of oversized fragments commit 12e712964f41d05ae034989892de445781c46730 upstream. If we receive an initial fragment of size 8 bytes which specifies a wLength of 1 byte (so the reassembled message is supposed to be 9 bytes long), and we then receive a second fragment of size 9 bytes (which is not supposed to happen), we currently wrongly bypass the fragment reassembly code but still pass the pointer to the acm->notification_buffer to acm_process_notification(). Make this less wrong by always going through fragment reassembly when we expect more fragments. Before this patch, receiving an overlong fragment could lead to `newctrl` in acm_process_notification() being uninitialized data (instead of data coming from the device). Cc: stable <stable@kernel.org> Fixes: `ea2583529c` ("cdc-acm: reassemble fragmented notifications") Signed-off-by: Jann Horn <jannh@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2025-02-21 13:50:03 +01:00
..
cdc-acm.c	usb: cdc-acm: Fix handling of oversized fragments	2025-02-21 13:50:03 +01:00
cdc-acm.h
cdc-wdm.c
Kconfig
Makefile
usblp.c	USB: usblp: return error when setting unsupported protocol	2025-01-17 13:34:45 +01:00
usbtmc.c	USB: usbtmc: prevent kernel-usb-infoleak	2024-09-30 16:23:56 +02:00