ims-pcu: sanity checking on missing interfaces

This commit is contained in:
Josh Boyer 2016-03-18 11:12:40 -04:00
parent c2763b5687
commit 8b7fda18c9
2 changed files with 42 additions and 0 deletions

View File

@ -0,0 +1,39 @@
From a4200b7eb26271108586d3a7cf34a2f16d460e48 Mon Sep 17 00:00:00 2001
From: Oliver Neukum <oneukum@suse.com>
Date: Thu, 17 Mar 2016 15:10:47 +0100
Subject: [PATCH] ims-pcu: sanity check against missing interfaces
A malicious device missing interface can make the driver oops.
Add sanity checking.
Signed-off-by: Oliver Neukum <ONeukum@suse.com>
CC: stable@vger.kernel.org
---
drivers/input/misc/ims-pcu.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/input/misc/ims-pcu.c b/drivers/input/misc/ims-pcu.c
index ac1fa5f44580..9c0ea36913b4 100644
--- a/drivers/input/misc/ims-pcu.c
+++ b/drivers/input/misc/ims-pcu.c
@@ -1663,6 +1663,8 @@ static int ims_pcu_parse_cdc_data(struct usb_interface *intf, struct ims_pcu *pc
pcu->ctrl_intf = usb_ifnum_to_if(pcu->udev,
union_desc->bMasterInterface0);
+ if (!pcu->ctrl_intf)
+ return -EINVAL;
alt = pcu->ctrl_intf->cur_altsetting;
pcu->ep_ctrl = &alt->endpoint[0].desc;
@@ -1670,6 +1672,8 @@ static int ims_pcu_parse_cdc_data(struct usb_interface *intf, struct ims_pcu *pc
pcu->data_intf = usb_ifnum_to_if(pcu->udev,
union_desc->bSlaveInterface0);
+ if (!pcu->data_intf)
+ return -EINVAL;
alt = pcu->data_intf->cur_altsetting;
if (alt->desc.bNumEndpoints != 2) {
--
2.5.0

View File

@ -649,6 +649,8 @@ Patch676: cdc-acm-more-sanity-checking.patch
#CVE-2016-3140 rhbz 1317010 1316995 #CVE-2016-3140 rhbz 1317010 1316995
Patch677: digi_acceleport-do-sanity-checking-for-the-number-of.patch Patch677: digi_acceleport-do-sanity-checking-for-the-number-of.patch
Patch678: ims-pcu-sanity-check-against-missing-interfaces.patch
# END OF PATCH DEFINITIONS # END OF PATCH DEFINITIONS
%endif %endif
@ -2171,6 +2173,7 @@ fi
# #
%changelog %changelog
* Fri Mar 18 2016 Josh Boyer <jwboyer@fedoraproject.org> * Fri Mar 18 2016 Josh Boyer <jwboyer@fedoraproject.org>
- ims-pcu: sanity checking on missing interfaces
- CVE-2016-3140 digi_acceleport: oops on invalid USB descriptors (rhbz 1317010 1316995) - CVE-2016-3140 digi_acceleport: oops on invalid USB descriptors (rhbz 1317010 1316995)
- CVE-2016-3138 cdc_acm: oops on invalid USB descriptors (rhbz 1317010 1316204) - CVE-2016-3138 cdc_acm: oops on invalid USB descriptors (rhbz 1317010 1316204)
- CVE-2016-2185 ati_remote2: oops on invalid USB descriptors (rhbz 1317014 1317471) - CVE-2016-2185 ati_remote2: oops on invalid USB descriptors (rhbz 1317014 1317471)