| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 10 Mar 2017 11:46:10 +0000
From: Ben Hutchings <ben@...adent.org.uk>
To: linux-kernel@...r.kernel.org, stable@...r.kernel.org
CC: akpm@...ux-foundation.org, "Johan Hovold" <johan@...nel.org>
Subject: [PATCH 3.2 066/199] USB: serial: cyberjack: fix NULL-deref at open
3.2.87-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Johan Hovold <johan@...nel.org>
commit 3dca01114dcecb1cf324534cd8d75fd1306a516b upstream.
Fix NULL-pointer dereference when clearing halt at open should the device
lack a bulk-out endpoint.
Unable to handle kernel NULL pointer dereference at virtual address 00000030
...
PC is at cyberjack_open+0x40/0x9c [cyberjack]
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Johan Hovold <johan@...nel.org>
[bwh: Backported to 3.2: add this check to the existing
usb_serial_driver::attach implementation]
Signed-off-by: Ben Hutchings <ben@...adent.org.uk>
---
--- a/drivers/usb/serial/cyberjack.c
+++ b/drivers/usb/serial/cyberjack.c
@@ -122,6 +122,9 @@ static int cyberjack_startup(struct usb_
dbg("%s", __func__);
+ if (serial->num_bulk_out < serial->num_ports)
+ return -ENODEV;
+
/* allocate the private data structure */
priv = kmalloc(sizeof(struct cyberjack_private), GFP_KERNEL);
if (!priv)
Powered by blists - more mailing lists