Module Name: src
Committed By: maxv
Date: Tue Jul 23 17:21:33 UTC 2019
Modified Files:
src/sys/dev/usb: usb_subr.c
Log Message:
1) If the descriptor length is bigger than the USB string descriptor
itself, error out. Otherwise there is a small overflow (seen on KASAN,
with bLength=255).
2) Make sure we have a config descriptor header, otherwise there are small
overflows (seen on KASAN, with wTotalLength=1).
3) Once we have the complete config descriptor, make sure its size didn't
change in the meantime. Otherwise there could be severe overflows.
4) Make sure we have a bos descriptor header, otherwise overflow, same
as 2).
ok mrg@ skrll@
To generate a diff of this commit:
cvs rdiff -u -r1.234 -r1.235 src/sys/dev/usb/usb_subr.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
