linux/drivers/usb/gadget/function/rndis.c at 2d80f4054f7f901b8ad97358a9069616ac8524c7

Files

Dan Carpenter 65f3324f4b usb: gadget: rndis: prevent integer overflow in rndis_set_response()

If "BufOffset" is very large the "BufOffset + 8" operation can have an
integer overflow.

Cc: stable@kernel.org
Fixes: 38ea1eac7d ("usb: gadget: rndis: check size of RNDIS_MSG_SET command")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/20220301080424.GA17208@kili
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2022-03-15 15:48:57 +01:00

29 KiB

Raw Blame History

View Raw

29 KiB Raw Blame History

29 KiB

Raw Blame History