Google Git
Sign in
googlers / maze / linux / 9becd707841207652449a8dfd90fe9c476d88546
commit9becd707841207652449a8dfd90fe9c476d88546[log] [tgz]
authorBjørn Mork <bjorn@mork.no>Fri May 02 23:27:00 2014 +0200
committerDavid S. Miller <davem@davemloft.net>Mon May 05 15:19:31 2014 -0400
treecba3b2ee49afcb899343f01c4de77bf020176e69
parent9d4619c492c84e4c1e6d7127f1cbf55da04599d0 [diff]
net: cdc_ncm: fix buffer overflow

Commit 4d619f625a60 ("net: cdc_ncm: no point in filling up the NTBs
if we send ZLPs") changed the padding logic for devices with the ZLP
flag set.  This meant that frames of any size will be sent without
additional padding, except for the single byte added if the size is
a multiple of the USB packet size. But if the unpadded size is
identical to the maximum frame size, and the maximum size is a
multiplum of the USB packet size, then this one-byte padding will
overflow the buffer.

Prevent padding if already at maximum frame size, letting usbnet
transmit a ZLP instead in this case.

Fixes: 4d619f625a60 ("net: cdc_ncm: no point in filling up the NTBs if we send ZLPs")
Reported by: Yu-an Shih <yshih@nvidia.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
1 file changed
tree: cba3b2ee49afcb899343f01c4de77bf020176e69
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS