projects / thirdparty / kernel / stable-queue.git / blame
| Commit | Line | Data |
|---|---|---|
| 90594201 GKH |
1 | From 59cf8bed44a79ec42303151dd014fdb6434254bb Mon Sep 17 00:00:00 2001 |
| 2 | From: Johan Hovold <johan@kernel.org> | |
| 3 | Date: Thu, 16 Mar 2017 11:34:02 -0700 | |
| 4 | Subject: Input: iforce - validate number of endpoints before using them | |
| 5 | ||
| 6 | From: Johan Hovold <johan@kernel.org> | |
| 7 | ||
| 8 | commit 59cf8bed44a79ec42303151dd014fdb6434254bb upstream. | |
| 9 | ||
| 10 | Make sure to check the number of endpoints to avoid dereferencing a | |
| 11 | NULL-pointer or accessing memory that lie beyond the end of the endpoint | |
| 12 | array should a malicious device lack the expected endpoints. | |
| 13 | ||
| 14 | Signed-off-by: Johan Hovold <johan@kernel.org> | |
| 15 | Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> | |
| 16 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
| 17 | ||
| 18 | --- | |
| 19 | drivers/input/joystick/iforce/iforce-usb.c | 3 +++ | |
| 20 | 1 file changed, 3 insertions(+) | |
| 21 | ||
| 22 | --- a/drivers/input/joystick/iforce/iforce-usb.c | |
| 23 | +++ b/drivers/input/joystick/iforce/iforce-usb.c | |
| 24 | @@ -141,6 +141,9 @@ static int iforce_usb_probe(struct usb_i | |
| 25 | ||
| 26 | interface = intf->cur_altsetting; | |
| 27 | ||
| 28 | + if (interface->desc.bNumEndpoints < 2) | |
| 29 | + return -ENODEV; | |
| 30 | + | |
| 31 | epirq = &interface->endpoint[0].desc; | |
| 32 | epout = &interface->endpoint[1].desc; | |
| 33 |