[PATCH 3.12 097/235] USB: serial: ti_usb_3410_5052: fix NULL-deref at open

Jiri Slaby Fri, 27 Jan 2017 03:51:07 -0800

From: Johan Hovold <jo...@kernel.org>

3.12-stable review patch.  If anyone has any objections, please let me know.


===============

commit ef079936d3cd09e63612834fe2698eeada0d8e3f upstream.

Fix NULL-pointer dereference in open() should a malicious device lack
the expected endpoints:

Unable to handle kernel NULL pointer dereference at virtual address 00000030
..
[<bf06a6b0>] (ti_open [ti_usb_3410_5052]) from [<bf02e118>] 
(serial_port_activate+0x68/0x98 [usbserial])

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Johan Hovold <jo...@kernel.org>
Signed-off-by: Jiri Slaby <jsl...@suse.cz>
---
 drivers/usb/serial/ti_usb_3410_5052.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/usb/serial/ti_usb_3410_5052.c 
b/drivers/usb/serial/ti_usb_3410_5052.c
index 11b402935fbd..a7c3f0800de9 100644
--- a/drivers/usb/serial/ti_usb_3410_5052.c
+++ b/drivers/usb/serial/ti_usb_3410_5052.c
@@ -341,6 +341,13 @@ static int ti_startup(struct usb_serial *serial)
                goto free_tdev;
        }
 
+       if (serial->num_bulk_in < serial->num_ports ||
+                       serial->num_bulk_out < serial->num_ports) {
+               dev_err(&serial->interface->dev, "missing endpoints\n");
+               status = -ENODEV;
+               goto free_tdev;
+       }
+
        return 0;
 
 free_tdev:
-- 
2.11.0

[PATCH 3.12 097/235] USB: serial: ti_usb_3410_5052: fix NULL-deref at open

Reply via email to