usb: gadget: f_fs: Assorted buffer overflow checks.
OS descriptor head, when flagged as provided, is accessed without checking if it fits in provided buffer. Verify length before access. Also, there are other places where buffer length it checked after accessing offsets which are potentially past the end. Check buffer length before as well to fail cleanly. Signed-off-by: NVincent Pelletier <plr.vincent@gmail.com> Acked-by: NFelipe Balbi <felipe.balbi@linux.intel.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Showing
想要评论请 注册 或 登录