From: Bjørn Mork <[email protected]>
Date: Mon, 23 Nov 2015 14:32:10 +0100
> Commit 77b0a099674a ("cdc-ncm: use common parser") added a dangerous
> new trust in the CDC functional descriptors presented by the device,
> unconditionally assuming that any device handled by the driver has
> a CDC Union descriptor.
>
> This descriptor is required by the NCM and MBIM specs, but crashing
> on non-compliant devices is still unacceptable. Not only will that
> allow malicious devices to crash the kernel, but in this case it is
> also well known that there are non-compliant real devices on the
> market - as shown by the comment accompanying the IAD workaround
> in the same function.
>
> The Sierra Wireless EM7305 is an example of such a device, having
> a CDC header and a CDC MBIM descriptor but no CDC Union:
...
> The conversion to a common parser also left the local cdc_union
> variable untouched. This caused the IAD workaround code to be applied
> to all devices with an IAD descriptor, which was never intended. Finish
> the conversion by testing for hdr.usb_cdc_union_desc instead.
>
> Cc: Oliver Neukum <[email protected]>
> Fixes: 77b0a099674a ("cdc-ncm: use common parser")
> Signed-off-by: Bjørn Mork <[email protected]>
Applied, thanks.
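The failure mode described in the quoted commit message, as an added user-space example (not the driver's code and not the patch itself): a walk over CDC functional descriptors that treats the Union descriptor as optional and tests for it before use. The struct, the function names and the sample descriptor bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define CS_INTERFACE 0x24 /* class-specific interface descriptor type */
#define CDC_HEADER   0x00 /* subtype values; macro names are local to this example */
#define CDC_UNION    0x06
#define CDC_MBIM     0x1b

struct cdc_parsed {           /* hypothetical result of the descriptor walk */
    const uint8_t *header;
    const uint8_t *cdc_union; /* stays NULL when the device omits it */
    const uint8_t *mbim;
};

/* Constructed sample: CDC header + MBIM, no Union (the shape described above). */
static const uint8_t no_union[] = {
    5, 0x24, 0x00, 0x10, 0x01,
    12, 0x24, 0x1b, 0x00, 0x01, 0x00, 0x10, 0x10, 0x40, 0xdc, 0x05, 0x20,
};
/* Constructed sample: CDC header + Union (control interface 0, data interface 1). */
static const uint8_t with_union[] = { 5, 0x24, 0x00, 0x10, 0x01, 5, 0x24, 0x06, 0x00, 0x01 };

/* Walk the descriptor bytes; reject truncated or undersized entries. */
static int parse_cdc(const uint8_t *buf, size_t len, struct cdc_parsed *out)
{
    out->header = out->cdc_union = out->mbim = NULL;
    while (len >= 3) {
        size_t dlen = buf[0];
        if (dlen < 3 || dlen > len)
            return -1;
        if (buf[1] == CS_INTERFACE) {
            if (buf[2] == CDC_HEADER && dlen >= 5) out->header = buf;
            else if (buf[2] == CDC_UNION && dlen >= 5) out->cdc_union = buf;
            else if (buf[2] == CDC_MBIM && dlen >= 12) out->mbim = buf;
        }
        buf += dlen;
        len -= dlen;
    }
    return len == 0 ? 0 : -1;
}

/* Data interface number from the Union descriptor, or -1 if there is none. */
static int data_interface(const struct cdc_parsed *p)
{
    if (!p->cdc_union)      /* optional descriptor: test before dereferencing */
        return -1;
    return p->cdc_union[4]; /* first subordinate (data) interface */
}

int main(void) { struct cdc_parsed p; return parse_cdc(no_union, sizeof no_union, &p) || data_interface(&p) != -1; }
```

A caller that gets -1 from `data_interface` has to refuse the device or fall back to another way of locating the data interface, rather than reading through the missing descriptor.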