USB: rndis: Fix for handling garbled messages
author Michel Pollet <michel.pollet@bp.renesas.com>
Thu, 10 May 2018 13:09:09 +0000 (14:09 +0100)
committer Felipe Balbi <felipe.balbi@linux.intel.com>
Tue, 15 May 2018 07:24:28 +0000 (10:24 +0300)
A message can be forged to crash the stack; here we make sure we don't
completely break the system if this occurs

Signed-off-by: Michel Pollet <michel.pollet@bp.renesas.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
drivers/usb/gadget/function/rndis.c

index 51dd3e9..04c142c 100644
@@ -851,6 +851,9 @@ int rndis_msg_parser(struct rndis_params *params, u8 *buf)
                 */
                pr_warn("%s: unknown RNDIS message 0x%08X len %d\n",
                        __func__, MsgType, MsgLength);
+               /* Garbled message can be huge, so limit what we display */
+               if (MsgLength > 16)
+                       MsgLength = 16;
                print_hex_dump_bytes(__func__, DUMP_PREFIX_OFFSET,
                                     buf, MsgLength);
                break;
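
Review bot: In the unknown-message branch, the clamp bounds the hex dump at 16 bytes but never checks MsgLength against the number of bytes actually received. rndis_msg_parser() takes only `buf` with no length argument, so the dump still assumes the buffer holds at least 16 bytes. Consider passing the received length into the parser and clamping to the smaller of that and the display limit. Two smaller points: the pr_warn prints MsgLength with `%d`, and if the variable is signed a negative value passes the `> 16` test unchanged, so confirm it is unsigned or bound it from below as well. The literal 16 would also read better as a named constant applied with min_t() than as an open-coded `if`. Printing the original MsgLength in the warning before clamping is the right order, since it keeps the forged value in the log.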