The size of uvc_control_mapping is user controlled leading to a
potential heap overflow in the uvc driver. This adds a check to verify
the user provided size fits within the bounds of the defined buffer
size.
Originally-from: Richard Simmons
Signed-off-by: Guenter Roeck
---
Fixes CVE-2017-0627.
On Fri, Jun 30, 2017 at 09:21:56AM -0700, Guenter Roeck wrote:
> The size of uvc_control_mapping is user controlled leading to a
> potential heap overflow in the uvc driver. This adds a check to verify
> the user provided size fits within the bounds of the defined buffer
> size.
>
> Originally-fro
Any comments / feedback ?
Thanks,
Guenter
On Fri, Jun 30, 2017 at 09:21:56AM -0700, Guenter Roeck wrote:
> The size of uvc_control_mapping is user controlled leading to a
> potential heap overflow in the uvc driver. This adds a check to verify
> the user provided size fits within the bounds of th
Hi Guenter,
Thank you for the patch and sorry for the late reply.
On Friday 30 Jun 2017 09:21:56 Guenter Roeck wrote:
> The size of uvc_control_mapping is user controlled leading to a
> potential heap overflow in the uvc driver. This adds a check to verify
> the user provided size fits within the
