From mboxrd@z Thu Jan  1 00:00:00 1970
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Subject: [v2] USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Message-Id: <20181210080443.GA27035@kroah.com>
Date: Mon, 10 Dec 2018 09:04:43 +0100
To: "David S. Miller" <davem@davemloft.net>, netdev@vger.kernel.org
Cc: linux-usb@vger.kernel.org, Sebastian Andrzej Siewior <bigeasy@linutronix.de>, Hui Peng <benquike@gmail.com>, Mathias Payer <mathias.payer@nebelwelt.net>
List-ID: <linux-usb.vger.kernel.org>

RnJvbTogSHVpIFBlbmcgPGJlbnF1aWtlQGdtYWlsLmNvbT4KClRoZSBmdW5jdGlvbiBoc29fcHJv
YmUgcmVhZHMgaWZfbnVtIGZyb20gdGhlIFVTQiBkZXZpY2UgKGFzIGFuIHU4KSBhbmQgdXNlcwpp
dCB3aXRob3V0IGEgbGVuZ3RoIGNoZWNrIHRvIGluZGV4IGFuIGFycmF5LCByZXN1bHRpbmcgaW4g
YW4gT09CIG1lbW9yeSByZWFkCmluIGhzb19wcm9iZSBvciBoc29fZ2V0X2NvbmZpZ19kYXRhLiBB
ZGRlZCBhIGxlbmd0aCBjaGVjayBmb3IgYm90aCBsb2NhdGlvbnMKYW5kIHVwZGF0ZWQgaHNvX3By
b2JlIHRvIGJhaWwgb24gZXJyb3IuCgpUaGlzIGlzc3VlIGhhcyBiZWVuIGFzc2lnbmVkIENWRS0y
MDE4LTE5OTg1LgoKUmVwb3J0ZWQtYnk6IEh1aSBQZW5nIDxiZW5xdWlrZUBnbWFpbC5jb20+ClJl
cG9ydGVkLWJ5OiBNYXRoaWFzIFBheWVyIDxtYXRoaWFzLnBheWVyQG5lYmVsd2VsdC5uZXQ+ClNp
Z25lZC1vZmYtYnk6IEh1aSBQZW5nIDxiZW5xdWlrZUBnbWFpbC5jb20+ClNpZ25lZC1vZmYtYnk6
IE1hdGhpYXMgUGF5ZXIgPG1hdGhpYXMucGF5ZXJAbmViZWx3ZWx0Lm5ldD4KU2lnbmVkLW9mZi1i
eTogR3JlZyBLcm9haC1IYXJ0bWFuIDxncmVna2hAbGludXhmb3VuZGF0aW9uLm9yZz4KLS0tCnYy
OiBmaXhlZCBlcnJvciBjaGVjayB0byBqdXN0IGJlIDwgMAogICAgQWRkZWQgQ1ZFIHRvIGNoYW5n
ZWxvZyB0ZXh0CgogZHJpdmVycy9uZXQvdXNiL2hzby5jIHwgMTggKysrKysrKysrKysrKysrKy0t
CiAxIGZpbGUgY2hhbmdlZCwgMTYgaW5zZXJ0aW9ucygrKSwgMiBkZWxldGlvbnMoLSkKCmRpZmYg
LS1naXQgYS9kcml2ZXJzL25ldC91c2IvaHNvLmMgYi9kcml2ZXJzL25ldC91c2IvaHNvLmMKaW5k
ZXggMTg0YzI0YmFjYTE1Li5kNjkxNmY3ODdmY2UgMTAwNjQ0Ci0tLSBhL2RyaXZlcnMvbmV0L3Vz
Yi9oc28uYworKysgYi9kcml2ZXJzL25ldC91c2IvaHNvLmMKQEAgLTI4MDcsNiArMjgwNywxMiBA
QCBzdGF0aWMgaW50IGhzb19nZXRfY29uZmlnX2RhdGEoc3RydWN0IHVzYl9pbnRlcmZhY2UgKmlu
dGVyZmFjZSkKIAkJcmV0dXJuIC1FSU87CiAJfQogCisJLyogY2hlY2sgaWYgd2UgaGF2ZSBhIHZh
bGlkIGludGVyZmFjZSAqLworCWlmIChpZl9udW0gPiAxNikgeworCQlrZnJlZShjb25maWdfZGF0
YSk7CisJCXJldHVybiAtRUlOVkFMOworCX0KKwogCXN3aXRjaCAoY29uZmlnX2RhdGFbaWZfbnVt
XSkgewogCWNhc2UgMHgwOgogCQlyZXN1bHQgPSAwOwpAQCAtMjg3NywxMCArMjg4MywxOCBAQCBz
dGF0aWMgaW50IGhzb19wcm9iZShzdHJ1Y3QgdXNiX2ludGVyZmFjZSAqaW50ZXJmYWNlLAogCiAJ
LyogR2V0IHRoZSBpbnRlcmZhY2UvcG9ydCBzcGVjaWZpY2F0aW9uIGZyb20gZWl0aGVyIGRyaXZl
cl9pbmZvIG9yIGZyb20KIAkgKiB0aGUgZGV2aWNlIGl0c2VsZiAqLwotCWlmIChpZC0+ZHJpdmVy
X2luZm8pCisJaWYgKGlkLT5kcml2ZXJfaW5mbykgeworCQkvKiBpZl9udW0gaXMgY29udHJvbGxl
ZCBieSB0aGUgZGV2aWNlLCBkcml2ZXJfaW5mbyBpcyBhIDAgdGVybWluYXRlZAorCQkgKiBhcnJh
eS4gTWFrZSBzdXJlLCB0aGUgYWNjZXNzIGlzIGluIGJvdW5kcyEgKi8KKwkJZm9yIChpID0gMDsg
aSA8PSBpZl9udW07ICsraSkKKwkJCWlmICgoKHUzMiAqKShpZC0+ZHJpdmVyX2luZm8pKVtpXSA9
PSAwKQorCQkJCWdvdG8gZXhpdDsKIAkJcG9ydF9zcGVjID0gKCh1MzIgKikoaWQtPmRyaXZlcl9p
bmZvKSlbaWZfbnVtXTsKLQllbHNlCisJfSBlbHNlIHsKIAkJcG9ydF9zcGVjID0gaHNvX2dldF9j
b25maWdfZGF0YShpbnRlcmZhY2UpOworCQlpZiAocG9ydF9zcGVjIDwgMCkKKwkJCWdvdG8gZXhp
dDsKKwl9CiAKIAkvKiBDaGVjayBpZiB3ZSBuZWVkIHRvIHN3aXRjaCB0byBhbHQgaW50ZXJmYWNl
cyBwcmlvciB0byBwb3J0CiAJICogY29uZmlndXJhdGlvbiAqLwo=