From: Szymon Heidrich <szymon.heidrich@gmail.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: laurent.pinchart@ideasonboard.com,
Felipe Balbi <balbi@kernel.org>,
linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Prevent buffer overflow in UVC Gadget setup handler
Date: Thu, 1 Dec 2022 13:44:30 +0100 [thread overview]
Message-ID: <067f0a84-2b73-f7ef-fe05-5d5015b68eab@gmail.com> (raw)
In-Reply-To: <Y4ieBScmqVbZMrf9@kroah.com>
On 01/12/2022 13:28, Greg Kroah-Hartman wrote:
> On Thu, Dec 01, 2022 at 01:21:41PM +0100, Szymon Heidrich wrote:
>> Setup function uvc_function_setup permits control transfer
>> requests with up to 64 bytes of payload (UVC_MAX_REQUEST_SIZE),
>> data stage handler for OUT transfer uses memcpy to copy req->actual
>> bytes to uvc_event->data.data array of size 60. This may result
>> in an overflow of 4 bytes.
>>
>> Signed-off-by: Szymon Heidrich <szymon.heidrich@gmail.com>
>> ---
>> drivers/usb/gadget/function/f_uvc.c | 5 +++--
>> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> What commit id does this fix? Is it needed for stable kernels?
>
> thanks,
>
> greg k-h
As far as I understand this would be the original commit so cdda479f15cd13fa50a913ca85129c0437cc7b91.
I guess that it is also needed for stable kernels, yet please correct me if I'm wrong.
Best regards,
Szymon
next prev parent reply other threads:[~2022-12-01 12:44 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-01 12:21 [PATCH] Prevent buffer overflow in UVC Gadget setup handler Szymon Heidrich
2022-12-01 12:28 ` Greg Kroah-Hartman
2022-12-01 12:44 ` Szymon Heidrich [this message]
2022-12-01 13:49 ` Dan Scally
2022-12-01 14:22 ` Szymon Heidrich
2022-12-01 15:45 ` [PATCH v2] usb: gadget: uvc: Prevent buffer overflow in " Szymon Heidrich
2022-12-01 17:54 ` Greg Kroah-Hartman
2022-12-01 19:11 ` Szymon Heidrich
2022-12-06 11:33 ` Dan Scally
2022-12-06 14:13 ` [PATCH v3] " Szymon Heidrich
2022-12-06 21:21 ` Laurent Pinchart
2022-12-06 21:43 ` Szymon Heidrich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=067f0a84-2b73-f7ef-fe05-5d5015b68eab@gmail.com \
--to=szymon.heidrich@gmail.com \
--cc=balbi@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=laurent.pinchart@ideasonboard.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox