git.karo-electronics.de Git - karo-tx-linux.git/commit

author	Bjørn Mork <bjorn@mork.no>
	Fri, 2 May 2014 21:27:00 +0000 (23:27 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 31 May 2014 20:20:36 +0000 (13:20 -0700)
commit	19ca28c306fcf825c165f6f3b9532bec479a60b4
tree	6852255ce8b640c72d9224edfc5e8fd0ebb0b19b	tree \| snapshot
parent	1b3ac8488ee4a5dd42b6c1809ca8e80fb64c549c	commit \| diff

net: cdc_ncm: fix buffer overflow

[ Upstream commit 9becd707841207652449a8dfd90fe9c476d88546 ]

Commit 4d619f625a60 ("net: cdc_ncm: no point in filling up the NTBs
if we send ZLPs") changed the padding logic for devices with the ZLP
flag set. This meant that frames of any size will be sent without
additional padding, except for the single byte added if the size is
a multiple of the USB packet size. But if the unpadded size is
identical to the maximum frame size, and the maximum size is a
multiplum of the USB packet size, then this one-byte padding will
overflow the buffer.

Prevent padding if already at maximum frame size, letting usbnet
transmit a ZLP instead in this case.

Fixes: 4d619f625a60 ("net: cdc_ncm: no point in filling up the NTBs if we send ZLPs")
Reported by: Yu-an Shih <yshih@nvidia.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>