From 85de58c03ccd20764dd5afa2efc8b2f1380c4259 Mon Sep 17 00:00:00 2001
From: Andrey Smirnov <andrew.smirnov@gmail.com>
Date: Wed, 22 May 2019 00:33:47 -0700
Subject: usb: storage: Zero CDB out before sending it

Since cbw.Length can be less that sizeof(cbw.CDB), add code to zero
the whole struct out to avoid sending random stack data as a part of
payload. There's no known case where this causes a problem, but it's a
reasonable thing to do anyway.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
 drivers/usb/storage/transport.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'drivers/usb')

diff --git a/drivers/usb/storage/transport.c b/drivers/usb/storage/transport.c
index 48ccee2072..5186508ba6 100644
--- a/drivers/usb/storage/transport.c
+++ b/drivers/usb/storage/transport.c
@@ -115,6 +115,7 @@ int usb_stor_Bulk_transport(struct us_blk_dev *usb_blkdev,
 	cbw.Length = cmdlen;
 
 	/* copy the command payload */
+	memset(cbw.CDB, 0, sizeof(cbw.CDB));
 	memcpy(cbw.CDB, cmd, cbw.Length);
 
 	/* send it to out endpoint */
-- 
cgit v1.2.3