USB: CDC ACM: Fix NULL pointer dereference
author Sven Schnelle <svens@stackframe.org>
Fri, 17 Aug 2012 19:43:43 +0000 (21:43 +0200)
committer Willy Tarreau <w@1wt.eu>
Sun, 7 Oct 2012 21:40:56 +0000 (23:40 +0200)
commit 99f347caa4568cb803862730b3b1f1942639523f upstream.

If a device specifies zero endpoints in its interface descriptor,
the kernel oopses in acm_probe(). Even though that's clearly an
invalid descriptor, we should test whether we have all endpoints.
This is especially bad as this oops can be triggered by just
plugging a USB device in.

Signed-off-by: Sven Schnelle <svens@stackframe.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Willy Tarreau <w@1wt.eu>
drivers/usb/class/cdc-acm.c

index 653f8530976225bdff6b647df219d51eb1325828..8ad9dfb75038fd1789be064dde7dfe31c2efb140 100644 (file)
@@ -1120,7 +1120,8 @@ skip_normal_probe:
        }
 
 
-       if (data_interface->cur_altsetting->desc.bNumEndpoints < 2)
+       if (data_interface->cur_altsetting->desc.bNumEndpoints < 2 ||
+           control_interface->cur_altsetting->desc.bNumEndpoints == 0)
                return -EINVAL;
 
        epctrl = &control_interface->cur_altsetting->endpoint[0].desc;
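
Review bot: The added `control_interface->cur_altsetting->desc.bNumEndpoints == 0` test shares a single bare `return -EINVAL;` with the existing data-interface test, so a device rejected for a control interface with zero endpoints produces no log output and cannot be told apart from one rejected for having fewer than two data endpoints. Consider emitting a debug message before the return, and adding a one-line comment that this test is what makes the `control_interface->cur_altsetting->endpoint[0]` access on the following `epctrl = ...` line safe, so the check and the dereference stay together if this block is reordered later.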