Andrew Morton wrote:
But I wonder if the code will still work. Because we then go on to do
secd_size = le16_to_cpu(secd->wTotalLength);
secd = krealloc(secd, secd_size, GFP_KERNEL);
which implies (to me) that the thing we read from the device might
indeed have been smaller than we expected, in which case the
newly-fixed check will cause a failure.
We first read the security descriptor which tells use the total length
of the security descriptor plus all the following encryption type
descriptors. Your revised patch is fine.
David
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
