mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-09-22 04:31:58 +08:00
907767da8f
The driver uses endpoint-sized USB transfer buffers but had no sanity
checks on the sizes. This can lead to zero-size-pointer dereferences or
overflowed transfer buffers in ni6501_port_command() and
ni6501_counter_command() if a (malicious) device has smaller max-packet
sizes than expected (or when doing descriptor fuzz testing).
Add the missing sanity checks to probe().
Fixes:
|
||
---|---|---|
.. | ||
drivers | ||
kcomedilib | ||
comedi_buf.c | ||
comedi_fops.c | ||
comedi_internal.h | ||
comedi_pci.c | ||
comedi_pci.h | ||
comedi_pcmcia.c | ||
comedi_pcmcia.h | ||
comedi_usb.c | ||
comedi_usb.h | ||
comedi.h | ||
comedidev.h | ||
comedilib.h | ||
drivers.c | ||
Kconfig | ||
Makefile | ||
proc.c | ||
range.c | ||
TODO |