archives/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-03-08 08:24:47 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/drivers/net/can
History
Greg Kroah-Hartman 38a01c9700 can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message 
When looking at the data in a USB urb, the actual_length is the size of
the buffer passed to the driver, not the transfer_buffer_length which is
set by the driver as the max size of the buffer.

When parsing the messages in ems_usb_read_bulk_callback() properly check
the size both at the beginning of parsing the message to make sure it is
big enough for the expected structure, and at the end of the message to
make sure we don't overflow past the end of the buffer for the next
message.

Cc: Vincent Mailhol <mailhol@kernel.org>
Cc: Marc Kleine-Budde <mkl@pengutronix.de>
Cc: stable@kernel.org
Assisted-by: gkh_clanker_2000
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Link: https://patch.msgid.link/2026022316-answering-strainer-a5db@gregkh
Fixes: 702171adee ("ems_usb: Added support for EMS CPC-USB/ARM7 CAN/USB interface")
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2026-03-02 11:03:42 +01:00
..
c_can can: treewide: remove can_change_mtu() 2025-10-17 09:57:13 +02:00
cc770 can: treewide: remove can_change_mtu() 2025-10-17 09:57:13 +02:00
ctucanfd Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
dev can: remove private CAN skb headroom infrastructure 2026-02-05 11:58:40 +01:00
esd can: convert generic HW timestamp ioctl to ndo_hwtstamp callbacks 2025-10-31 13:12:18 +01:00
flexcan can: treewide: remove can_change_mtu() 2025-10-17 09:57:13 +02:00
ifi_canfd can: treewide: remove can_change_mtu() 2025-10-17 09:57:13 +02:00
kvaser_pciefd can: convert generic HW timestamp ioctl to ndo_hwtstamp callbacks 2025-10-31 13:12:18 +01:00
m_can can: m_can: m_can_get_berr_counter(): don't wake up controller if interface is down 2025-10-17 15:17:19 +02:00
mscan can: treewide: remove can_change_mtu() 2025-10-17 09:57:13 +02:00
peak_canfd can: peak_canfd: convert to use ndo_hwtstamp callbacks 2025-10-31 13:12:18 +01:00
rcar can: rcar_canfd: Add RZ/T2H support 2026-01-16 20:51:18 +01:00
rockchip Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-10-23 10:53:08 -07:00
sja1000 Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
slcan kernel.h: drop hex.h and update all hex.h users 2026-01-20 19:44:19 -08:00
softing Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
spi can: mcp251x: fix deadlock in error path of mcp251x_open 2026-03-02 10:24:41 +01:00
usb can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message 2026-03-02 11:03:42 +01:00
at91_can.c can: at91_can: Fix memory leak in at91_can_probe() 2026-01-22 16:56:26 +01:00
bxcan.c can: bxcan: Fix a typo error for assign 2025-11-12 19:30:59 +01:00
can327.c kernel.h: drop hex.h and update all hex.h users 2026-01-20 19:44:19 -08:00
dummy_can.c can: dummy_can: dummy_can_init(): fix packet statistics 2026-03-02 10:24:41 +01:00
grcan.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
janz-ican3.c can: treewide: remove can_change_mtu() 2025-10-17 09:57:13 +02:00
Kconfig Revert "can: raw: instantly reject unsupported CAN frames" 2026-01-15 09:52:04 +01:00
Makefile Revert "can: raw: instantly reject unsupported CAN frames" 2026-01-15 09:52:04 +01:00
sun4i_can.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-11-27 12:19:08 -08:00
ti_hecc.c can: treewide: remove can_change_mtu() 2025-10-17 09:57:13 +02:00
vcan.c can: propagate CAN device capabilities via ml_priv 2026-01-15 09:52:04 +01:00
vxcan.c can: gw: use can_gw_hops instead of sk_buff::csum_start 2026-02-05 11:58:40 +01:00
xilinx_can.c can: treewide: remove can_change_mtu() 2025-10-17 09:57:13 +02:00