author | Sven Schnelle <svens@stackframe.org> | 2012-08-17 21:43:43 +0200 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2012-08-18 02:55:46 +0200 |
commit | 99f347caa4568cb803862730b3b1f1942639523f (patch) | |
tree | eea4cff2cddd658d93beca0a46f31be807b8b3fa | |
parent | USB: emi62: remove __devinit* from the struct usb_device_id table (diff) | |
download | linux-99f347caa4568cb803862730b3b1f1942639523f.tar.xz linux-99f347caa4568cb803862730b3b1f1942639523f.zip |
USB: CDC ACM: Fix NULL pointer dereference
If a device specifies zero endpoints in its interface descriptor,
the kernel oopses in acm_probe(). Even though that's clearly an
invalid descriptor, we should test whether we have all endpoints.
This is especially bad as this oops can be triggered by just
plugging a USB device in.
Signed-off-by: Sven Schnelle <svens@stackframe.org>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r-- | drivers/usb/class/cdc-acm.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c index 56d6bf668488..f763ed7ba91e 100644 --- a/drivers/usb/class/cdc-acm.c +++ b/drivers/usb/class/cdc-acm.c @@ -1104,7 +1104,8 @@ skip_normal_probe: } - if (data_interface->cur_altsetting->desc.bNumEndpoints < 2) + if (data_interface->cur_altsetting->desc.bNumEndpoints < 2 || + control_interface->cur_altsetting->desc.bNumEndpoints == 0) return -EINVAL; epctrl = &control_interface->cur_altsetting->endpoint[0].desc; |
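Review bot: The combined condition after skip_normal_probe returns -EINVAL with no diagnostic, so a rejected device leaves no hint whether the data interface (fewer than 2 endpoints) or the control interface (zero endpoints) was malformed. Consider a dev_dbg() before the return, or at least a one-line comment stating that the control check exists to protect the endpoint[0] access in the epctrl assignment that follows. Both conditions validate only bNumEndpoints; nothing in the visible lines confirms the endpoints have the expected type or direction, so that is worth checking where they are used. As a minor style point, writing the new test as "< 1" would match the existing "< 2" comparison.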