lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 5 Jun 2019 02:02:40 +0000
From:   Duyanlin <duyanlin@...wei.com>
To:     "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
        "shawnguo@...nel.org" <shawnguo@...nel.org>,
        "s.hauer@...gutronix.de" <s.hauer@...gutronix.de>,
        "kernel@...gutronix.de" <kernel@...gutronix.de>,
        "festevam@...il.com" <festevam@...il.com>,
        "linux-imx@....com" <linux-imx@....com>
CC:     "linux-usb@...r.kernel.org" <linux-usb@...r.kernel.org>,
        "linux-arm-kernel@...ts.infradead.org" 
        <linux-arm-kernel@...ts.infradead.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Zengweilin <zengweilin@...wei.com>
Subject: [PATCH] drivers/usb/host/imx21-hcd.c: fix divide-by-zero in func
 nonisoc_etd_done


If the function usb_maxpacket(urb->dev, urb->pipe, usb_pipeout(urb->pipe)) returns 0, that will cause a illegal divide-by-zero operation, unexpected results may occur.
It is best to ensure that the denominator is non-zero before dividing by zero.

Signed-off-by: Yanlin Du <duyanlin@...wei.com>
---
 drivers/usb/host/imx21-hcd.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/usb/host/imx21-hcd.c b/drivers/usb/host/imx21-hcd.c index 6e3dad1..6a47f78 100644
--- a/drivers/usb/host/imx21-hcd.c
+++ b/drivers/usb/host/imx21-hcd.c
@@ -1038,6 +1038,7 @@ static void nonisoc_etd_done(struct usb_hcd *hcd, int etd_num)
 	int cc;
 	u32 bytes_xfrd;
 	int etd_done;
+	unsigned int maxp;
 
 	disactivate_etd(imx21, etd_num);
 
@@ -1104,13 +1105,13 @@ static void nonisoc_etd_done(struct usb_hcd *hcd, int etd_num)
 		break;
 
 	case PIPE_BULK:
+		maxp = usb_maxpacket(urb->dev, urb->pipe,
+				usb_pipeout(urb->pipe));
 		urb->actual_length += bytes_xfrd;
 		if ((urb_priv->state == US_BULK)
 		    && (urb->transfer_flags & URB_ZERO_PACKET)
 		    && urb->transfer_buffer_length > 0
-		    && ((urb->transfer_buffer_length %
-			 usb_maxpacket(urb->dev, urb->pipe,
-				       usb_pipeout(urb->pipe))) == 0)) {
+		    && maxp && (urb->transfer_buffer_length % maxp == 0)) {
 			/* need a 0-packet */
 			urb_priv->state = US_BULK0;
 		} else {
--
1.8.5.6

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ