Since cbw.Length can be less that sizeof(cbw.CDB), add code to zero the whole struct out to avoid sending random stack data as a part of payload. There's no known case where this causes a problem, but it's a reasonable thing to do anyway. Signed-off-by: Andrey Smirnov <andrew.smirnov@xxxxxxxxx> --- drivers/usb/storage/transport.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/usb/storage/transport.c b/drivers/usb/storage/transport.c index 48ccee207..5186508ba 100644 --- a/drivers/usb/storage/transport.c +++ b/drivers/usb/storage/transport.c @@ -115,6 +115,7 @@ int usb_stor_Bulk_transport(struct us_blk_dev *usb_blkdev, cbw.Length = cmdlen; /* copy the command payload */ + memset(cbw.CDB, 0, sizeof(cbw.CDB)); memcpy(cbw.CDB, cmd, cbw.Length); /* send it to out endpoint */ -- 2.21.0 _______________________________________________ barebox mailing list barebox@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/barebox
