USB: rndis: Fix for handling garbled messages

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

A message can be forged to crash the stack; here we make sure we don't
completely break the system if this occurs

Signed-off-by: Michel Pollet <michel.pollet@bp.renesas.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>

authored by

Michel Pollet and committed by

Felipe Balbi 8 years ago 1ca532e9 44feb8e6

1 changed file

expand all

drivers

usb

gadget

function

rndis.c

drivers/usb/gadget/function/rndis.c

··· 851 851 */ 852 852 pr_warn("%s: unknown RNDIS message 0x%08X len %d\n", 853 853 __func__, MsgType, MsgLength); 854 + /* Garbled message can be huge, so limit what we display */ 855 + if (MsgLength > 16) 856 + MsgLength = 16; 854 857 print_hex_dump_bytes(__func__, DUMP_PREFIX_OFFSET, 855 858 buf, MsgLength); 856 859 break;