Commit 417b57b3 authored by Roel Kluin's avatar Roel Kluin Committed by Greg Kroah-Hartman

USB: gadget: Read buffer overflow

Check whether index is within bounds before testing the element.
Signed-off-by: default avatarRoel Kluin <roel.kluin@gmail.com>
Cc: David Brownell <david-b@pacbell.net>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
parent d0defb85
...@@ -602,7 +602,7 @@ static int get_string(struct usb_composite_dev *cdev, ...@@ -602,7 +602,7 @@ static int get_string(struct usb_composite_dev *cdev,
} }
} }
for (len = 0; s->wData[len] && len <= 126; len++) for (len = 0; len <= 126 && s->wData[len]; len++)
continue; continue;
if (!len) if (!len)
return -EINVAL; return -EINVAL;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment