| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 5 Oct 2020 22:31:49 +0100
From: Sudip Mukherjee <sudipm.mukherjee@...il.com>
To: Alan Stern <stern@...land.harvard.edu>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: linux-kernel@...r.kernel.org, linux-safety@...ts.elisa.tech,
linux-usb@...r.kernel.org,
Sudip Mukherjee <sudipm.mukherjee@...il.com>
Subject: [PATCH] usb: host: ehci-sched: avoid possible NULL dereference
find_tt() can return NULL or the error value in ERR_PTR() and
dereferencing the return value without checking for the error can
lead to a possible dereference of NULL pointer or ERR_PTR().
Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@...il.com>
---
drivers/usb/host/ehci-sched.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/usb/host/ehci-sched.c b/drivers/usb/host/ehci-sched.c
index 6dfb242f9a4b..f3fd7e9fe6b2 100644
--- a/drivers/usb/host/ehci-sched.c
+++ b/drivers/usb/host/ehci-sched.c
@@ -245,6 +245,8 @@ static void reserve_release_intr_bandwidth(struct ehci_hcd *ehci,
/* FS/LS bus bandwidth */
if (tt_usecs) {
tt = find_tt(qh->ps.udev);
+ if (IS_ERR_OR_NULL(tt))
+ return;
if (sign > 0)
list_add_tail(&qh->ps.ps_list, &tt->ps_list);
else
@@ -1338,6 +1340,8 @@ static void reserve_release_iso_bandwidth(struct ehci_hcd *ehci,
}
tt = find_tt(stream->ps.udev);
+ if (IS_ERR_OR_NULL(tt))
+ return;
if (sign > 0)
list_add_tail(&stream->ps.ps_list, &tt->ps_list);
else
--
2.11.0
Powered by blists - more mailing lists