diff options
author | Oliver Neukum <oneukum@suse.com> | 2019-08-13 11:35:41 +0200 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2019-08-25 10:51:49 +0200 |
commit | 911a8ca7697b26e95b7ec30b94cd5910bee546ff (patch) | |
tree | 70fac1fab63b80656daad508d978e783fe3a11d6 | |
parent | fccd6134d5addf2be1407e3250efdc854b5c5d8a (diff) | |
download | linux-stable-911a8ca7697b26e95b7ec30b94cd5910bee546ff.tar.gz linux-stable-911a8ca7697b26e95b7ec30b94cd5910bee546ff.tar.bz2 linux-stable-911a8ca7697b26e95b7ec30b94cd5910bee546ff.zip |
USB: CDC: fix sanity checks in CDC union parser
commit 54364278fb3cabdea51d6398b07c87415065b3fc upstream.
A few checks checked for the size of the pointer to a structure
instead of the structure itself. Copy & paste issue presumably.
Fixes: e4c6fb7794982 ("usbnet: move the CDC parser into USB core")
Cc: stable <stable@vger.kernel.org>
Reported-by: syzbot+45a53506b65321c1fe91@syzkaller.appspotmail.com
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Link: https://lore.kernel.org/r/20190813093541.18889-1-oneukum@suse.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r-- | drivers/usb/core/message.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c index 955cd6552e95..d6075d45e10a 100644 --- a/drivers/usb/core/message.c +++ b/drivers/usb/core/message.c @@ -2142,14 +2142,14 @@ int cdc_parse_cdc_header(struct usb_cdc_parsed_header *hdr, (struct usb_cdc_dmm_desc *)buffer; break; case USB_CDC_MDLM_TYPE: - if (elength < sizeof(struct usb_cdc_mdlm_desc *)) + if (elength < sizeof(struct usb_cdc_mdlm_desc)) goto next_desc; if (desc) return -EINVAL; desc = (struct usb_cdc_mdlm_desc *)buffer; break; case USB_CDC_MDLM_DETAIL_TYPE: - if (elength < sizeof(struct usb_cdc_mdlm_detail_desc *)) + if (elength < sizeof(struct usb_cdc_mdlm_detail_desc)) goto next_desc; if (detail) return -EINVAL; |