lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 13 May 2020 20:01:42 +0200 From: Andrey Konovalov <andreyknvl@...gle.com> To: Felipe Balbi <balbi@...nel.org> Cc: linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Alan Stern <stern@...land.harvard.edu>, Dmitry Vyukov <dvyukov@...gle.com>, Andrey Konovalov <andreyknvl@...gle.com> Subject: [PATCH USB] usb: raw-gadget: fix null-ptr-deref when reenabling endpoints Currently we preassign gadget endpoints to raw-gadget endpoints during initialization. Fix resetting this assignment in raw_ioctl_ep_disable(), otherwise we will get null-ptr-derefs when an endpoint is reenabled. Signed-off-by: Andrey Konovalov <andreyknvl@...gle.com> --- Felipe, this is technically a fix for "usb: raw-gadget: fix gadget endpoint selection", which AFAICS is already in your testing/fixes tree. Please let me know if you would like me resend that patch with this fix folded in. --- drivers/usb/gadget/legacy/raw_gadget.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/usb/gadget/legacy/raw_gadget.c b/drivers/usb/gadget/legacy/raw_gadget.c index d73ba77014c8..e01e366d89cd 100644 --- a/drivers/usb/gadget/legacy/raw_gadget.c +++ b/drivers/usb/gadget/legacy/raw_gadget.c @@ -867,7 +867,6 @@ static int raw_ioctl_ep_disable(struct raw_dev *dev, unsigned long value) spin_lock_irqsave(&dev->lock, flags); usb_ep_free_request(dev->eps[i].ep, dev->eps[i].req); kfree(dev->eps[i].ep->desc); - dev->eps[i].ep = NULL; dev->eps[i].state = STATE_EP_DISABLED; dev->eps[i].disabling = false; -- 2.26.2.645.ge9eca65c58-goog
Powered by blists - more mailing lists