lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <alpine.LNX.2.00.1101132300490.11347@swampdragon.chaosbits.net>
Date:	Thu, 13 Jan 2011 23:05:47 +0100 (CET)
From:	Jesper Juhl <jj@...osbits.net>
To:	linux-media@...r.kernel.org
cc:	linux-kernel@...r.kernel.org,
	Jean-Francois Moine <moinejf@...e.fr>,
	Mauro Carvalho Chehab <mchehab@...radead.org>,
	Hans de Goede <hdegoede@...hat.com>,
	Lee Jones <lee.jones@...onical.com>
Subject: [PATCH][rfc] media, video, stv06xx, pb0100: Don't potentially deref
 NULL in pb0100_start().

usb_altnum_to_altsetting() may return NULL. If it does we'll dereference a 
NULL pointer in 
drivers/media/video/gspca/stv06xx/stv06xx_pb0100.c::pb0100_start().
As far as I can tell there's not really anything more sensible than 
-ENODEV that we can return in that situation, but I'm not at all intimate 
with this code so I'd like a bit of review/comments on this before it's 
applied.
Anyway, here's a proposed patch.

Signed-off-by: Jesper Juhl <jj@...osbits.net>
---
 stv06xx_pb0100.c |    2 ++
 1 file changed, 2 insertions(+)

  compile tested only.

diff --git a/drivers/media/video/gspca/stv06xx/stv06xx_pb0100.c b/drivers/media/video/gspca/stv06xx/stv06xx_pb0100.c
index ac47b4c..75a5b9c 100644
--- a/drivers/media/video/gspca/stv06xx/stv06xx_pb0100.c
+++ b/drivers/media/video/gspca/stv06xx/stv06xx_pb0100.c
@@ -217,6 +217,8 @@ static int pb0100_start(struct sd *sd)
 
 	intf = usb_ifnum_to_if(sd->gspca_dev.dev, sd->gspca_dev.iface);
 	alt = usb_altnum_to_altsetting(intf, sd->gspca_dev.alt);
+	if (!alt)
+		return -ENODEV;
 	packet_size = le16_to_cpu(alt->endpoint[0].desc.wMaxPacketSize);
 
 	/* If we don't have enough bandwidth use a lower framerate */



-- 
Jesper Juhl <jj@...osbits.net>            http://www.chaosbits.net/
Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ