Xinyu Liu 3014168731 usb: gadget: configfs: Fix OOB read on empty string write ...

When writing an empty string to either 'qw_sign' or 'landingPage'
sysfs attributes, the store functions attempt to access page[l - 1]
before validating that the length 'l' is greater than zero.

This patch fixes the vulnerability by adding a check at the beginning
of os_desc_qw_sign_store() and webusb_landingPage_store() to handle
the zero-length input case gracefully by returning immediately.

Signed-off-by: Xinyu Liu <katieeliu@tencent.com>
Cc: stable <stable@kernel.org>
Link: https://lore.kernel.org/r/tencent_B1C9481688D0E95E7362AB2E999DE8048207@qq.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2025-07-09 12:10:52 +02:00

..

function

usb: gadget: u_serial: Fix race condition in TTY wakeup

2025-06-19 12:41:13 +02:00

legacy

usb: gadget: g_ffs: Adjust f_ffs[0] allocation type

2025-05-01 17:30:45 +02:00

udc

treewide, timers: Rename from_timer() to timer_container_of()

2025-06-08 09:07:37 +02:00

composite.c

usb: gadget: Use get_status callback to set remote wakeup capability

2025-05-01 17:38:51 +02:00

config.c

usb: Reorganize kerneldoc parameter names

2024-10-04 15:14:23 +02:00

configfs.c

usb: gadget: configfs: Fix OOB read on empty string write

2025-07-09 12:10:52 +02:00

configfs.h

…

epautoconf.c

usb: gadget: epautoconf: Use USB API functions rather than constants

2025-05-21 13:13:22 +02:00

functions.c

…

Kconfig

usb: gadget: midi2: Reverse-select at the right place

2025-01-07 11:42:22 +01:00

Makefile

usb: gadget: Makefile: remove ccflags-y

2022-03-18 12:56:08 +01:00

u_f.c

usb: gadget: function: move u_f.h to include/linux/usb/func_utils.h

2024-09-03 09:57:08 +02:00

u_os_desc.h

move asm/unaligned.h to linux/unaligned.h

2024-10-02 17:23:23 -04:00

usbstring.c

drivers/usb/gadget: refactor min with min_t

2024-11-13 15:09:50 +01:00