Date: Thu, 10 Oct 2019 07:20:25 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Yizhuo <yzhai003@....edu>
Cc: Alan Stern <stern@...land.harvard.edu>,
Kai-Heng Feng <kai.heng.feng@...onical.com>,
Mathias Nyman <mathias.nyman@...ux.intel.com>,
Thinh Nguyen <Thinh.Nguyen@...opsys.com>,
Douglas Anderson <dianders@...omium.org>,
Nicolas Saenz Julienne <nsaenzjulienne@...e.de>,
Jan-Marek Glogowski <glogow@...home.de>,
Mathieu Malaterre <malat@...ian.org>,
linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] USB: core: Fix potential Null Pointer dereference

On Wed, Oct 09, 2019 at 06:02:02PM -0700, Yizhuo wrote:
> Inside function usb_device_is_owned(), usb_hub_to_struct_hub()
> could return NULL but there's no check before its dereference,
> which is potentially unsafe.
>
> Signed-off-by: Yizhuo <yzhai003@....edu>
> ---
> drivers/usb/core/hub.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
> index 236313f41f4a..8d628c8e0c1b 100644
> --- a/drivers/usb/core/hub.c
> +++ b/drivers/usb/core/hub.c
> @@ -1977,7 +1977,7 @@ bool usb_device_is_owned(struct usb_device *udev)
> if (udev->state == USB_STATE_NOTATTACHED || !udev->parent)
> return false;
> hub = usb_hub_to_struct_hub(udev->parent);
> - return !!hub->ports[udev->portnum - 1]->port_owner;
> + return hub && !!hub->ports[udev->portnum - 1]->port_owner;
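
Review bot: The changelog says usb_hub_to_struct_hub() "could return NULL" but does not name the path on which the changed return line is reached with a NULL hub, given that the two lines above it already return false for USB_STATE_NOTATTACHED and for a missing udev->parent. The commit message should describe that path, or the check should be dropped if no such path exists. If the check stays, the `!!` is redundant once the expression is `hub && ...` in a function returning bool, and the same line still indexes ports[udev->portnum - 1] and dereferences that entry without validation, so the changelog should also say why those two accesses are safe.
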
How can hub ever not be valid?

thanks,

greg k-h