32 lines
1.2 KiB
Diff
32 lines
1.2 KiB
Diff
From: =?UTF-8?q?Bj=C3=B8rn=20Mork?= <bjorn@mork.no>
|
|
Date: Mon, 6 Nov 2017 15:37:22 +0100
|
|
Subject: net: cdc_ether: fix divide by 0 on bad descriptors
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
Origin: https://git.kernel.org/linus/2cb80187ba065d7decad7c6614e35e07aec8a974
|
|
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-16649
|
|
|
|
Setting dev->hard_mtu to 0 will cause a divide error in
|
|
usbnet_probe. Protect against devices with bogus CDC Ethernet
|
|
functional descriptors by ignoring a zero wMaxSegmentSize.
|
|
|
|
Signed-off-by: Bjørn Mork <bjorn@mork.no>
|
|
Acked-by: Oliver Neukum <oneukum@suse.com>
|
|
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
---
|
|
drivers/net/usb/cdc_ether.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
--- a/drivers/net/usb/cdc_ether.c
|
|
+++ b/drivers/net/usb/cdc_ether.c
|
|
@@ -221,7 +221,7 @@ skip:
|
|
goto bad_desc;
|
|
}
|
|
|
|
- if (header.usb_cdc_ether_desc) {
|
|
+ if (header.usb_cdc_ether_desc && info->ether->wMaxSegmentSize) {
|
|
dev->hard_mtu = le16_to_cpu(info->ether->wMaxSegmentSize);
|
|
/* because of Zaurus, we may be ignoring the host
|
|
* side link address we were given.
|