Revision - 22d6576 - HID: u2fzero: ignore incomplete packets without data

Revision 22d65765f211cc83186fd8b87521159f354c0da9 authored by Andrej Shadura on 16 September 2021, 16:33:11 UTC, committed by Jiri Kosina on 22 September 2021, 07:31:18 UTC

HID: u2fzero: ignore incomplete packets without data

Since the actual_length calculation is performed unsigned, packets
shorter than 7 bytes (e.g. packets without data or otherwise truncated)
or non-received packets ("zero" bytes) can cause buffer overflow.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=214437
Fixes: 42337b9d4d958("HID: add driver for U2F Zero built-in LED and RNG")
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>

1 parent d46ef75

Files
Changes

Permalinks

File	Mode	Size
chips
devices
hyperbus
lpddr
maps
nand
parsers
spi-nor
tests
ubi
Kconfig	-rw-r--r--	7.7 KB
Makefile	-rw-r--r--	964 bytes
ftl.c	-rw-r--r--	30.4 KB
inftlcore.c	-rw-r--r--	23.6 KB
inftlmount.c	-rw-r--r--	21.5 KB
mtd_blkdevs.c	-rw-r--r--	13.1 KB
mtdblock.c	-rw-r--r--	8.5 KB
mtdblock_ro.c	-rw-r--r--	1.6 KB
mtdchar.c	-rw-r--r--	26.1 KB
mtdconcat.c	-rw-r--r--	21.5 KB
mtdcore.c	-rw-r--r--	61.6 KB
mtdcore.h	-rw-r--r--	934 bytes
mtdoops.c	-rw-r--r--	10.9 KB
mtdpart.c	-rw-r--r--	18.6 KB
mtdpstore.c	-rw-r--r--	14.5 KB
mtdsuper.c	-rw-r--r--	4.9 KB
mtdswap.c	-rw-r--r--	33.1 KB
nftlcore.c	-rw-r--r--	22.1 KB
nftlmount.c	-rw-r--r--	25.1 KB
rfd_ftl.c	-rw-r--r--	17.3 KB
sm_ftl.c	-rw-r--r--	30.0 KB
sm_ftl.h	-rw-r--r--	2.2 KB
ssfdc.c	-rw-r--r--	11.2 KB

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...