superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/drivers/usb/gadget
History
Xinyu Liu 3014168731 usb: gadget: configfs: Fix OOB read on empty string write 
When writing an empty string to either 'qw_sign' or 'landingPage'
sysfs attributes, the store functions attempt to access page[l - 1]
before validating that the length 'l' is greater than zero.

This patch fixes the vulnerability by adding a check at the beginning
of os_desc_qw_sign_store() and webusb_landingPage_store() to handle
the zero-length input case gracefully by returning immediately.

Signed-off-by: Xinyu Liu <katieeliu@tencent.com>
Cc: stable <stable@kernel.org>
Link: https://lore.kernel.org/r/tencent_B1C9481688D0E95E7362AB2E999DE8048207@qq.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2025-07-09 12:10:52 +02:00
..
function usb: gadget: u_serial: Fix race condition in TTY wakeup 2025-06-19 12:41:13 +02:00
legacy usb: gadget: g_ffs: Adjust f_ffs[0] allocation type 2025-05-01 17:30:45 +02:00
udc treewide, timers: Rename from_timer() to timer_container_of() 2025-06-08 09:07:37 +02:00
Kconfig usb: gadget: midi2: Reverse-select at the right place 2025-01-07 11:42:22 +01:00
Makefile
composite.c usb: gadget: Use get_status callback to set remote wakeup capability 2025-05-01 17:38:51 +02:00
config.c usb: Reorganize kerneldoc parameter names 2024-10-04 15:14:23 +02:00
configfs.c usb: gadget: configfs: Fix OOB read on empty string write 2025-07-09 12:10:52 +02:00
configfs.h
epautoconf.c usb: gadget: epautoconf: Use USB API functions rather than constants 2025-05-21 13:13:22 +02:00
functions.c
u_f.c usb: gadget: function: move u_f.h to include/linux/usb/func_utils.h 2024-09-03 09:57:08 +02:00
u_os_desc.h move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
usbstring.c drivers/usb/gadget: refactor min with min_t 2024-11-13 15:09:50 +01:00