mirror of
https://github.com/torvalds/linux.git
synced 2025-12-07 20:06:24 +00:00
Add missing sanity check to the bulk-in completion handler to avoid an integer underflow that can be triggered by a malicious device.

This avoids leaking 128 kB of memory content from after the URB transfer buffer to user space.

Fixes: 8c209e6782 ("USB: make actual_length in struct urb field u32")
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Cc: stable <stable@vger.kernel.org> # 2.6.30
Signed-off-by: Johan Hovold <johan@kernel.org>
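The class of bug the commit message describes, as an added user-space sketch (not the kernel patch and not code from this repository): a completion handler subtracts a header length from a device-controlled u32 `actual_length` without first checking it. The struct `fake_urb`, the 1-byte header and the 64-byte buffer size are assumptions made for illustration, and the sketch does not model how the 128 kB bound in the message arises.

```c
#include <stdint.h>
#include <stdio.h>

#define XFER_BUF_SIZE 64u  /* constructed transfer-buffer size (assumption) */
#define HDR_LEN        1u  /* hypothetical per-transfer status byte (assumption) */

struct fake_urb {          /* stand-in for the relevant struct urb fields */
    uint8_t  transfer_buffer[XFER_BUF_SIZE];
    uint32_t actual_length; /* bytes the device reported; u32 as in the Fixes: title */
};

/* Payload length a handler would forward WITHOUT a sanity check. */
static uint32_t forward_len_unchecked(const struct fake_urb *urb)
{
    /* actual_length == 0 wraps around: 0 - 1 == 0xffffffff */
    return urb->actual_length - HDR_LEN;
}

/* Same computation with the check: short or oversized transfers forward nothing. */
static uint32_t forward_len_checked(const struct fake_urb *urb)
{
    if (urb->actual_length < HDR_LEN || urb->actual_length > XFER_BUF_SIZE)
        return 0;
    return urb->actual_length - HDR_LEN;
}

/* How far past the end of transfer_buffer a copy of len payload bytes would read. */
static uint64_t bytes_past_buffer(uint32_t len)
{
    uint64_t end = (uint64_t)HDR_LEN + len;
    return end > XFER_BUF_SIZE ? end - XFER_BUF_SIZE : 0;
}

int main(void)
{
    struct fake_urb urb = { {0}, 0 };  /* constructed input: zero-length transfer */
    uint32_t bad = forward_len_unchecked(&urb);
    uint32_t ok  = forward_len_checked(&urb);

    printf("unchecked: len=%u, past buffer=%llu\n", (unsigned)bad,
           (unsigned long long)bytes_past_buffer(bad));
    printf("checked:   len=%u, past buffer=%llu\n", (unsigned)ok,
           (unsigned long long)bytes_past_buffer(ok));
    return 0;
}
```
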