• Bjørn Mork's avatar
    net: cdc_ncm: fix buffer overflow · 9becd707
    Bjørn Mork authored
    Commit 4d619f62 ("net: cdc_ncm: no point in filling up the NTBs
    if we send ZLPs") changed the padding logic for devices with the ZLP
    flag set.  This meant that frames of any size will be sent without
    additional padding, except for the single byte added if the size is
    a multiple of the USB packet size. But if the unpadded size is
    identical to the maximum frame size, and the maximum size is a
    multiplum of the USB packet size, then this one-byte padding will
    overflow the buffer.
    
    Prevent padding if already at maximum frame size, letting usbnet
    transmit a ZLP instead in this case.
    
    Fixes: 4d619f62 ("net: cdc_ncm: no point in filling up the NTBs if we send ZLPs")
    Reported by: Yu-an Shih <yshih@nvidia.com>
    Signed-off-by: default avatarBjørn Mork <bjorn@mork.no>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    9becd707
cdc_ncm.c 35.8 KB