The attached diff fixes two NULL dereferences in usbd_set_config_index().

Index: usb_subr.c
===================================================================
RCS file: /cvs/src/sys/dev/usb/usb_subr.c,v
retrieving revision 1.123
diff -u -p -r1.123 usb_subr.c
--- usb_subr.c	23 May 2016 11:31:12 -0000	1.123
+++ usb_subr.c	1 Sep 2016 17:30:35 -0000
@@ -654,17 +654,20 @@ usbd_set_config_index(struct usbd_device
 		/* We are unconfiguring the device, so leave unallocated. */
 		DPRINTF(("usbd_set_config_index: set config 0\n"));
 		err = usbd_set_config(dev, USB_UNCONFIG_NO);
-		if (err)
+		if (err) {
 			DPRINTF(("usbd_set_config_index: setting config=0 "
 				 "failed, error=%s\n", usbd_errstr(err)));
+		}
 		return (err);
 	}
 
 	/* Get the short descriptor. */
 	err = usbd_get_desc(dev, UDESC_CONFIG, index,
 	    USB_CONFIG_DESCRIPTOR_SIZE, &cd);
-	if (err || cd.bDescriptorType != UDESC_CONFIG)
+	if (err)
 		return (err);
+	if (cd.bDescriptorType != UDESC_CONFIG)
+		return (USBD_INVAL);
 	len = UGETW(cd.wTotalLength);
 	cdp = malloc(len, M_USB, M_NOWAIT);
 	if (cdp == NULL)
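Review bot: The length read by `len = UGETW(cd.wTotalLength);` just after the new bDescriptorType check comes from the device and is passed to `malloc(len, M_USB, M_NOWAIT)` with no lower bound. If a device reports a wTotalLength smaller than USB_CONFIG_DESCRIPTOR_SIZE, the buffer would be shorter than the descriptor header, and any later access to header fields through cdp would read past the allocation. The function continues outside the hunk, so a later check may exist that is not visible here. I would add `if (len < USB_CONFIG_DESCRIPTOR_SIZE) return (USBD_INVAL);` before the allocation, alongside the new type check.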
