ims-pcu: sanity checking on missing interfaces
parent
c2763b5687
commit
8b7fda18c9
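--- a/ims-pcu-sanity-check-against-missing-interfaces.patch
+++ b/ims-pcu-sanity-check-against-missing-interfaces.patch
@@ -0,0 +1,39 @@
+From a4200b7eb26271108586d3a7cf34a2f16d460e48 Mon Sep 17 00:00:00 2001
+From: Oliver Neukum <oneukum@suse.com>
+Date: Thu, 17 Mar 2016 15:10:47 +0100
+Subject: [PATCH] ims-pcu: sanity check against missing interfaces
+
+A malicious device missing interface can make the driver oops.
+Add sanity checking.
+
+Signed-off-by: Oliver Neukum <ONeukum@suse.com>
+CC: stable@vger.kernel.org
+---
+drivers/input/misc/ims-pcu.c | 4 ++++
+1 file changed, 4 insertions(+)
+
+diff --git a/drivers/input/misc/ims-pcu.c b/drivers/input/misc/ims-pcu.c
+index ac1fa5f44580..9c0ea36913b4 100644
+--- a/drivers/input/misc/ims-pcu.c
++++ b/drivers/input/misc/ims-pcu.c
+@@ -1663,6 +1663,8 @@ static int ims_pcu_parse_cdc_data(struct usb_interface *intf, struct ims_pcu *pc
+
+pcu->ctrl_intf = usb_ifnum_to_if(pcu->udev,
+union_desc->bMasterInterface0);
++ if (!pcu->ctrl_intf)
++ return -EINVAL;
+
+alt = pcu->ctrl_intf->cur_altsetting;
+pcu->ep_ctrl = &alt->endpoint[0].desc;
+@@ -1670,6 +1672,8 @@ static int ims_pcu_parse_cdc_data(struct usb_interface *intf, struct ims_pcu *pc
+
+pcu->data_intf = usb_ifnum_to_if(pcu->udev,
+union_desc->bSlaveInterface0);
++ if (!pcu->data_intf)
++ return -EINVAL;
+
+alt = pcu->data_intf->cur_altsetting;
+if (alt->desc.bNumEndpoints != 2) {
+--
+2.5.0
+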
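Review bot: In the first hunk of the embedded ims-pcu.c patch, `pcu->ep_ctrl = &alt->endpoint[0].desc;` directly follows `alt = pcu->ctrl_intf->cur_altsetting;` with no visible check that the control interface's altsetting has any endpoints. The added NULL test covers a missing interface, but a device that presents the interface with zero endpoints would still make the driver read past the endpoint array. The data-interface path in the second hunk already validates `alt->desc.bNumEndpoints != 2`, so the control path should get a matching guard before the endpoint is taken, e.g. `if (alt->desc.bNumEndpoints < 1) return -EINVAL;`. ims_pcu_parse_cdc_data starts and ends outside both hunks, so how the caller handles the new -EINVAL return cannot be confirmed from this page.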
@ -649,6 +649,8 @@ Patch676: cdc-acm-more-sanity-checking.patch
|
|||||||
#CVE-2016-3140 rhbz 1317010 1316995
|
#CVE-2016-3140 rhbz 1317010 1316995
|
||||||
Patch677: digi_acceleport-do-sanity-checking-for-the-number-of.patch
|
Patch677: digi_acceleport-do-sanity-checking-for-the-number-of.patch
|
||||||
|
|
||||||
|
Patch678: ims-pcu-sanity-check-against-missing-interfaces.patch
|
||||||
|
|
||||||
# END OF PATCH DEFINITIONS
|
# END OF PATCH DEFINITIONS
|
||||||
|
|
||||||
%endif
|
%endif
|
||||||
@ -2171,6 +2173,7 @@ fi
|
|||||||
#
|
#
|
||||||
%changelog
|
%changelog
|
||||||
* Fri Mar 18 2016 Josh Boyer <jwboyer@fedoraproject.org>
|
* Fri Mar 18 2016 Josh Boyer <jwboyer@fedoraproject.org>
|
||||||
|
- ims-pcu: sanity checking on missing interfaces
|
||||||
- CVE-2016-3140 digi_acceleport: oops on invalid USB descriptors (rhbz 1317010 1316995)
|
- CVE-2016-3140 digi_acceleport: oops on invalid USB descriptors (rhbz 1317010 1316995)
|
||||||
- CVE-2016-3138 cdc_acm: oops on invalid USB descriptors (rhbz 1317010 1316204)
|
- CVE-2016-3138 cdc_acm: oops on invalid USB descriptors (rhbz 1317010 1316204)
|
||||||
- CVE-2016-2185 ati_remote2: oops on invalid USB descriptors (rhbz 1317014 1317471)
|
- CVE-2016-2185 ati_remote2: oops on invalid USB descriptors (rhbz 1317014 1317471)
|
||||||
|