[PATCH] [media] mceusb: fix NULL-deref at probe

Johan Hovold Tue, 07 Mar 2017 10:21:07 -0800

Make sure to check for the required out endpoint to avoid dereferencing
a NULL-pointer in mce_request_packet should a malicious device lack such
an endpoint. Note that this path it hit during probe.


Fixes: 66e89522aff7 ("V4L/DVB: IR: add mceusb IR receiver driver")
Cc: stable <sta...@vger.kernel.org>     # 2.6.36
Signed-off-by: Johan Hovold <jo...@kernel.org>
---

Found through inspection, compile tested only.

Johan


 drivers/media/rc/mceusb.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/media/rc/mceusb.c b/drivers/media/rc/mceusb.c
index 238d8eaf7d94..93b16fe3ab38 100644
--- a/drivers/media/rc/mceusb.c
+++ b/drivers/media/rc/mceusb.c
@@ -1288,8 +1288,8 @@ static int mceusb_dev_probe(struct usb_interface *intf,
                        }
                }
        }
-       if (ep_in == NULL) {
-               dev_dbg(&intf->dev, "inbound and/or endpoint not found");
+       if (!ep_in || !ep_out) {
+               dev_dbg(&intf->dev, "required endpoints not found\n");
                return -ENODEV;
        }
 
-- 
2.12.0

[PATCH] [media] mceusb: fix NULL-deref at probe

Reply via email to