From 1ca532e9916a277b0e87271e6b367a3774808035 Mon Sep 17 00:00:00 2001
From: Michel Pollet
Date: Thu, 10 May 2018 14:09:09 +0100
Subject: USB: rndis: Fix for handling garbled messages

A message can be forged to crash the stack; here we make sure we don't
completely break the system if this occurs

Signed-off-by: Michel Pollet <michel.pollet@bp.renesas.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
---
 drivers/usb/gadget/function/rndis.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'drivers/usb/gadget')

diff --git a/drivers/usb/gadget/function/rndis.c b/drivers/usb/gadget/function/rndis.c
index 51dd3e90b06c..04c142c13075 100644
--- a/drivers/usb/gadget/function/rndis.c
+++ b/drivers/usb/gadget/function/rndis.c
@@ -851,6 +851,9 @@ int rndis_msg_parser(struct rndis_params *params, u8 *buf)
 		 */
 		pr_warn("%s: unknown RNDIS message 0x%08X len %d\n",
 			__func__, MsgType, MsgLength);
+		/* Garbled message can be huge, so limit what we display */
+		if (MsgLength > 16)
+			MsgLength = 16;
 		print_hex_dump_bytes(__func__, DUMP_PREFIX_OFFSET,
 				     buf, MsgLength);
 		break;
-- 
cgit v1.2.3