authorOliver Neukum <oneukum@suse.com>2019-08-13 11:35:41 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2019-08-25 10:51:49 +0200
commit911a8ca7697b26e95b7ec30b94cd5910bee546ff (patch)
tree70fac1fab63b80656daad508d978e783fe3a11d6
parentfccd6134d5addf2be1407e3250efdc854b5c5d8a (diff)
USB: CDC: fix sanity checks in CDC union parser
commit 54364278fb3cabdea51d6398b07c87415065b3fc upstream. A few checks checked for the size of the pointer to a structure instead of the structure itself. Copy & paste issue presumably. Fixes: e4c6fb7794982 ("usbnet: move the CDC parser into USB core") Cc: stable <stable@vger.kernel.org> Reported-by: syzbot+45a53506b65321c1fe91@syzkaller.appspotmail.com Signed-off-by: Oliver Neukum <oneukum@suse.com> Link: https://lore.kernel.org/r/20190813093541.18889-1-oneukum@suse.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r--drivers/usb/core/message.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c
index 955cd6552e95..d6075d45e10a 100644
--- a/drivers/usb/core/message.c
+++ b/drivers/usb/core/message.c
@@ -2142,14 +2142,14 @@ int cdc_parse_cdc_header(struct usb_cdc_parsed_header *hdr,
(struct usb_cdc_dmm_desc *)buffer;
break;
case USB_CDC_MDLM_TYPE:
- if (elength < sizeof(struct usb_cdc_mdlm_desc *))
+ if (elength < sizeof(struct usb_cdc_mdlm_desc))
goto next_desc;
if (desc)
return -EINVAL;
desc = (struct usb_cdc_mdlm_desc *)buffer;
break;
case USB_CDC_MDLM_DETAIL_TYPE:
- if (elength < sizeof(struct usb_cdc_mdlm_detail_desc *))
+ if (elength < sizeof(struct usb_cdc_mdlm_detail_desc))
goto next_desc;
if (detail)
return -EINVAL;
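Review bot: The corrected length checks under `USB_CDC_MDLM_TYPE` and `USB_CDC_MDLM_DETAIL_TYPE` still name the struct type by hand, the same form in which the stray `*` went unnoticed and made the check compare `elength` against a pointer size instead of the descriptor size. Tying each check to the pointer that is about to receive the cast, `if (elength < sizeof(*desc))` and `if (elength < sizeof(*detail))`, would keep the bound and the later field accesses in step; this assumes `desc` and `detail` are declared with the matching descriptor pointer types, which the hunk suggests for `desc` but does not show for `detail`. The rest of the switch in `cdc_parse_cdc_header` lies outside the hunk, so whether other cases carry the same `sizeof(struct ... *)` pattern cannot be confirmed from here and is worth checking, since these lengths come from device-supplied descriptors.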