android/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
33af776a8d
android_kernel_xiaomi_sm8450/drivers/usb/gadget
History
Szymon Heidrich c79538f32d usb: gadget: uvc: Prevent buffer overflow in setup handler 
commit 4c92670b16727365699fe4b19ed32013bab2c107 upstream.

Setup function uvc_function_setup permits control transfer
requests with up to 64 bytes of payload (UVC_MAX_REQUEST_SIZE),
data stage handler for OUT transfer uses memcpy to copy req->actual
bytes to uvc_event->data.data array of size 60. This may result
in an overflow of 4 bytes.

Fixes: cdda479f15 ("USB gadget: video class function driver")
Cc: stable <stable@kernel.org>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Daniel Scally <dan.scally@ideasonboard.com>
Signed-off-by: Szymon Heidrich <szymon.heidrich@gmail.com>
Link: https://lore.kernel.org/r/20221206141301.51305-1-szymon.heidrich@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-12-21 17:32:06 +01:00
..
function usb: gadget: uvc: Prevent buffer overflow in setup handler 2022-12-21 17:32:06 +01:00
legacy gadgetfs: ep_io - wait until IRQ finishes 2022-08-25 11:38:15 +02:00
udc usb: bdc: change state when port disconnected 2022-11-03 23:57:49 +09:00
composite.c USB: gadget: validate interface OS descriptor requests 2022-02-16 12:54:28 +01:00
config.c usb: fix various gadget panics on 10gbps cabling 2021-06-16 12:01:43 +02:00
configfs.c usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() 2022-05-09 09:04:58 +02:00
configfs.h
epautoconf.c
functions.c
Kconfig usb: gadget: select CONFIG_CRC32 2021-01-12 20:18:20 +01:00
Makefile
u_f.c
u_f.h USB: gadget: u_f: Unbreak offset calculation in VLAs 2020-08-27 09:25:06 +02:00
u_os_desc.h
usbstring.c usb: gadget: fix langid kernel-doc warning in usbstring.c 2020-07-09 10:13:07 +03:00