Johan Hovold 907767da8f comedi: ni_usb6501: fix NULL-deref in command paths ... The driver uses endpoint-sized USB transfer buffers but had no sanity checks on the sizes. This can lead to zero-size-pointer dereferences or overflowed transfer buffers in ni6501_port_command() and ni6501_counter_command() if a (malicious) device has smaller max-packet sizes than expected (or when doing descriptor fuzz testing). Add the missing sanity checks to probe(). Fixes: a03bb00e50 ("staging: comedi: add NI USB-6501 support") Cc: stable@vger.kernel.org # 3.18 Cc: Luca Ellero <luca.ellero@brickedbrain.com> Reviewed-by: Ian Abbott <abbotti@mev.co.uk> Signed-off-by: Johan Hovold <johan@kernel.org> Link: https://lore.kernel.org/r/20211027093529.30896-2-johan@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2021-10-30 10:54:47 +02:00
..
drivers	comedi: ni_usb6501: fix NULL-deref in command paths	2021-10-30 10:54:47 +02:00
kcomedilib
comedi_buf.c
comedi_fops.c	comedi: Fix memory leak in compat_insnlist()	2021-09-21 17:53:54 +02:00
comedi_internal.h
comedi_pci.c
comedi_pci.h
comedi_pcmcia.c
comedi_pcmcia.h
comedi_usb.c
comedi_usb.h
comedi.h
comedidev.h
comedilib.h
drivers.c
Kconfig
Makefile
proc.c
range.c
TODO