projects
/
platform
/
core
/
system
/
initrd-flash.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
730b296
)
usd: Check validation of set_line_coding packet size.
85/271485/1
accepted/tizen/unified/20220222.132921
submit/tizen/20220222.053708
author
Dongwoo Lee
<dwoo08.lee@samsung.com>
Tue, 22 Feb 2022 04:24:12 +0000
(13:24 +0900)
committer
Dongwoo Lee
<dwoo08.lee@samsung.com>
Tue, 22 Feb 2022 04:24:12 +0000
(13:24 +0900)
To prevent vulnerable memory allocation of set_line_conding packet,
check validation of set_line_coding packet size value.
Change-Id: I0db4860477769622a79d4b0b6d18d3518c795d59
Signed-off-by: Dongwoo Lee <dwoo08.lee@samsung.com>
src/usb.c
patch
|
blob
|
history
diff --git
a/src/usb.c
b/src/usb.c
index
8de12e4
..
03bcada
100644
(file)
--- a/
src/usb.c
+++ b/
src/usb.c
@@
-252,6
+252,9
@@
static void *ep0_handler(void *data)
int value = __le16_to_cpu(ctrl->wLength);
char *buf;
+ if (value != sizeof(struct usb_cdc_line_coding))
+ goto err;
+
buf = malloc(value);
if (!buf)
goto err;