| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <lsq.1539530741.634284374@decadent.org.uk>
Date: Sun, 14 Oct 2018 16:25:41 +0100
From: Ben Hutchings <ben@...adent.org.uk>
To: linux-kernel@...r.kernel.org, stable@...r.kernel.org
CC: akpm@...ux-foundation.org,
"Greg Kroah-Hartman" <gregkh@...uxfoundation.org>,
"Shuah Khan" <shuahkh@....samsung.com>
Subject: [PATCH 3.16 184/366] usbip: vhci_hcd: check rhport before using
in vhci_hub_control()
3.16.60-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Shuah Khan <shuahkh@....samsung.com>
commit 5b22f676118ff25049382041da0db8012e57c9e8 upstream.
Validate !rhport < 0 before using it to access port_status array.
Signed-off-by: Shuah Khan <shuahkh@....samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
[bwh: Backported to 3.16:
- Drop changes to the SetPortFeature
USB_PORT_FEAT_{SUSPEND,POWER,BH_PORT_RESET} cases
- Add the "error" label
- Adjust filename, context]
Signed-off-by: Ben Hutchings <ben@...adent.org.uk>
---
--- a/drivers/staging/usbip/vhci_hcd.c
+++ b/drivers/staging/usbip/vhci_hcd.c
@@ -266,6 +266,8 @@ static int vhci_hub_control(struct usb_h
usbip_dbg_vhci_rh(" ClearHubFeature\n");
break;
case ClearPortFeature:
+ if (rhport < 0)
+ goto error;
switch (wValue) {
case USB_PORT_FEAT_SUSPEND:
if (dum->port_status[rhport] & USB_PORT_STAT_SUSPEND) {
@@ -370,6 +372,8 @@ static int vhci_hub_control(struct usb_h
case USB_PORT_FEAT_RESET:
usbip_dbg_vhci_rh(
" SetPortFeature: USB_PORT_FEAT_RESET\n");
+ if (rhport < 0)
+ goto error;
/* if it's already running, disconnect first */
if (dum->port_status[rhport] & USB_PORT_STAT_ENABLE) {
dum->port_status[rhport] &=
@@ -385,6 +389,8 @@ static int vhci_hub_control(struct usb_h
default:
usbip_dbg_vhci_rh(" SetPortFeature: default %d\n",
wValue);
+ if (rhport < 0)
+ goto error;
dum->port_status[rhport] |= (1 << wValue);
break;
}
@@ -392,7 +398,7 @@ static int vhci_hub_control(struct usb_h
default:
pr_err("default: no such request\n");
-
+error:
/* "protocol stall" on error */
retval = -EPIPE;
}
Powered by blists - more mailing lists