diff options
| author | Oliver Neukum <oneukum@suse.com> | 2016-09-20 09:45:42 -0400 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2016-09-21 03:48:27 -0400 |
| commit | 2ad9d544f2497a7bf239c34bd2b86fd19683dbb5 (patch) | |
| tree | 108951d6036e0c4233b1c0586da568a19a157f8f /drivers/usb | |
| parent | 3a383cc0b8cc33af188fe2062b6ba5a69af25fa7 (diff) | |
cdc-acm: hardening against malicious devices
This should fix the last holes against malicious devices
still open in cdc-acm. It cannot go into stable due to
the introduction of the common parser.
The fix for stable already merged also covers the problems this patch
fixes.
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/usb')
| -rw-r--r-- | drivers/usb/class/cdc-acm.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c index 15ffe389b86f..78f0f85bebdc 100644 --- a/drivers/usb/class/cdc-acm.c +++ b/drivers/usb/class/cdc-acm.c | |||
| @@ -1179,6 +1179,9 @@ static int acm_probe(struct usb_interface *intf, | |||
| 1179 | return -EINVAL; | 1179 | return -EINVAL; |
| 1180 | } | 1180 | } |
| 1181 | 1181 | ||
| 1182 | if (!intf->cur_altsetting) | ||
| 1183 | return -EINVAL; | ||
| 1184 | |||
| 1182 | if (!buflen) { | 1185 | if (!buflen) { |
| 1183 | if (intf->cur_altsetting->endpoint && | 1186 | if (intf->cur_altsetting->endpoint && |
| 1184 | intf->cur_altsetting->endpoint->extralen && | 1187 | intf->cur_altsetting->endpoint->extralen && |
| @@ -1232,6 +1235,8 @@ static int acm_probe(struct usb_interface *intf, | |||
| 1232 | dev_dbg(&intf->dev, "no interfaces\n"); | 1235 | dev_dbg(&intf->dev, "no interfaces\n"); |
| 1233 | return -ENODEV; | 1236 | return -ENODEV; |
| 1234 | } | 1237 | } |
| 1238 | if (!data_interface->cur_altsetting || !control_interface->cur_altsetting) | ||
| 1239 | return -ENODEV; | ||
| 1235 | 1240 | ||
| 1236 | if (data_intf_num != call_intf_num) | 1241 | if (data_intf_num != call_intf_num) |
| 1237 | dev_dbg(&intf->dev, "Separate call control interface. That is not fully supported.\n"); | 1242 | dev_dbg(&intf->dev, "Separate call control interface. That is not fully supported.\n"); |