Message-Id: <20201012111024.2259162-3-rickyniu@google.com>
Date:   Mon, 12 Oct 2020 19:10:23 +0800
From:   rickyniu <rickyniu@...gle.com>
To:     balbi@...nel.org, gregkh@...uxfoundation.org, astrachan@...gle.com,
        rickyniu@...gle.com, amit.pundir@...aro.org, lockwood@...roid.com,
        benoit@...roid.com, jackp@...eaurora.org, vvreddy@...eaurora.org
Cc:     linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org,
        kyletso@...gle.com
Subject: [PATCH 2/3] ANDROID: USB: f_accessory: Check dev pointer before
 decoding ctrl request

From: Vijayavardhan Vennapusa <vvreddy@...eaurora.org>

In case of poweroff charging mode, accessory function instance
is not created and due to this, _acc_dev will be NULL. If target
is connected to Accessory dock in poweroff charging mode, there
is a chance dev pointer is accessed, which is NULL. Hence add a
check before processing control request and return error if it is
NULL.

Signed-off-by: Vijayavardhan Vennapusa <vvreddy@...eaurora.org>
Signed-off-by: Jack Pham <jackp@...eaurora.org>
Signed-off-by: rickyniu <rickyniu@...gle.com>
---
 drivers/usb/gadget/function/f_accessory.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/usb/gadget/function/f_accessory.c b/drivers/usb/gadget/function/f_accessory.c
index 514eadee1793..5ed80940b9bf 100644
--- a/drivers/usb/gadget/function/f_accessory.c
+++ b/drivers/usb/gadget/function/f_accessory.c
@@ -833,6 +833,12 @@ int acc_ctrlrequest(struct usb_composite_dev *cdev,
 	u16	w_length = le16_to_cpu(ctrl->wLength);
 	unsigned long flags;
 
+	/*
+	 * If instance is not created which is the case in power off charging
+	 * mode, dev will be NULL. Hence return error if it is the case.
+	 */
+	if (!dev)
+		return -ENODEV;
 /*
 	printk(KERN_INFO "acc_ctrlrequest "
 			"%02x.%02x v%04x i%04x l%u\n",
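Review bot: the `if (!dev)` test is placed after the local declaration block, so it only prevents the NULL dereference if none of the initialisers above it touch `dev`. The visible context shows `w_length` being read from `ctrl` only, but the earlier declarations are outside this hunk; please confirm that `dev` is merely loaded from `_acc_dev` there and not dereferenced before this point. The test is also a single unlocked read, while the `unsigned long flags` declaration suggests the function takes a spinlock later; if the instance can be torn down while a control request is in flight, say so in the comment or take the pointer under that lock. Two smaller points: add a blank line between `return -ENODEV;` and the commented-out `printk` block so the new check does not run into dead code, and have the comment name `_acc_dev` as the commit message does, since that is the pointer that is actually NULL in poweroff charging mode.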
-- 
2.28.0.1011.ga647a8990f-goog
