usb: gadget: rndis: prevent integer overflow in rndis_set_response()
If "BufOffset" is very large the "BufOffset + 8" operation can have an integer overflow. Cc: stable@kernel.org Fixes: 38ea1eac ("usb: gadget: rndis: check size of RNDIS_MSG_SET command") Signed-off-by:Dan Carpenter <dan.carpenter@oracle.com> Link: https://lore.kernel.org/r/20220301080424.GA17208@kili Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Loading
-
mentioned in commit 72b82786
-
mentioned in commit 96a9f031
-
mentioned in commit 0a21a3eb
-
mentioned in commit 853da167
-
mentioned in commit 056498dd
-
mentioned in commit d4020ad2
-
mentioned in commit 37ce3b41
-
mentioned in commit 4f351f1f
-
mentioned in commit a961cbde
-
mentioned in commit 89512d5e
-
mentioned in commit 10de8395
-
mentioned in commit f46f8240
-
mentioned in commit d162ca50
Please sign in to comment