ims-pcu: sanity checking on missing interfaces
This commit is contained in:
Josh Boyer
parent
c2763b5687
commit
8b7fda18c9
|
|
@ -0,0 +1,39 @@
|
|||
From a4200b7eb26271108586d3a7cf34a2f16d460e48 Mon Sep 17 00:00:00 2001
|
||||
From: Oliver Neukum <oneukum@suse.com>
|
||||
Date: Thu, 17 Mar 2016 15:10:47 +0100
|
||||
Subject: [PATCH] ims-pcu: sanity check against missing interfaces
|
||||
|
||||
A malicious device missing interface can make the driver oops.
|
||||
Add sanity checking.
|
||||
|
||||
Signed-off-by: Oliver Neukum <ONeukum@suse.com>
|
||||
CC: stable@vger.kernel.org
|
||||
---
|
||||
drivers/input/misc/ims-pcu.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/drivers/input/misc/ims-pcu.c b/drivers/input/misc/ims-pcu.c
|
||||
index ac1fa5f44580..9c0ea36913b4 100644
|
||||
--- a/drivers/input/misc/ims-pcu.c
|
||||
+++ b/drivers/input/misc/ims-pcu.c
|
||||
@@ -1663,6 +1663,8 @@ static int ims_pcu_parse_cdc_data(struct usb_interface *intf, struct ims_pcu *pc
|
||||
|
||||
pcu->ctrl_intf = usb_ifnum_to_if(pcu->udev,
|
||||
union_desc->bMasterInterface0);
|
||||
+ if (!pcu->ctrl_intf)
|
||||
+ return -EINVAL;
|
||||
|
||||
alt = pcu->ctrl_intf->cur_altsetting;
|
||||
pcu->ep_ctrl = &alt->endpoint[0].desc;
|
||||
@@ -1670,6 +1672,8 @@ static int ims_pcu_parse_cdc_data(struct usb_interface *intf, struct ims_pcu *pc
|
||||
|
||||
pcu->data_intf = usb_ifnum_to_if(pcu->udev,
|
||||
union_desc->bSlaveInterface0);
|
||||
+ if (!pcu->data_intf)
|
||||
+ return -EINVAL;
|
||||
|
||||
alt = pcu->data_intf->cur_altsetting;
|
||||
if (alt->desc.bNumEndpoints != 2) {
|
||||
--
|
||||
2.5.0
|
||||
|
||||
|
|
@ -649,6 +649,8 @@ Patch676: cdc-acm-more-sanity-checking.patch
|
|||
#CVE-2016-3140 rhbz 1317010 1316995
|
||||
Patch677: digi_acceleport-do-sanity-checking-for-the-number-of.patch
|
||||
|
||||
Patch678: ims-pcu-sanity-check-against-missing-interfaces.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
%endif
|
||||
|
|
@ -2171,6 +2173,7 @@ fi
|
|||
#
|
||||
%changelog
|
||||
* Fri Mar 18 2016 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- ims-pcu: sanity checking on missing interfaces
|
||||
- CVE-2016-3140 digi_acceleport: oops on invalid USB descriptors (rhbz 1317010 1316995)
|
||||
- CVE-2016-3138 cdc_acm: oops on invalid USB descriptors (rhbz 1317010 1316204)
|
||||
- CVE-2016-2185 ati_remote2: oops on invalid USB descriptors (rhbz 1317014 1317471)
|
||||
|
|
|
|||
Loading…
Reference in New Issue