[PATCH 4.10 048/111] USB: idmouse: fix NULL-deref at probe

Greg Kroah-Hartman Tue, 28 Mar 2017 05:50:06 -0700

4.10-stable review patch.  If anyone has any objections, please let me know.


------------------

From: Johan Hovold <jo...@kernel.org>

commit b0addd3fa6bcd119be9428996d5d4522479ab240 upstream.

Make sure to check the number of endpoints to avoid dereferencing a
NULL-pointer should a malicious device lack endpoints.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Johan Hovold <jo...@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>

---
 drivers/usb/misc/idmouse.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/usb/misc/idmouse.c
+++ b/drivers/usb/misc/idmouse.c
@@ -346,6 +346,9 @@ static int idmouse_probe(struct usb_inte
        if (iface_desc->desc.bInterfaceClass != 0x0A)
                return -ENODEV;
 
+       if (iface_desc->desc.bNumEndpoints < 1)
+               return -ENODEV;
+
        /* allocate memory for our device state and initialize it */
        dev = kzalloc(sizeof(*dev), GFP_KERNEL);
        if (dev == NULL)

[PATCH 4.10 048/111] USB: idmouse: fix NULL-deref at probe

Reply via email to