• Johan Hovold's avatar
    USB: uss720: fix NULL-deref at probe · e4942716
    Johan Hovold authored
    commit f259ca3e upstream.
    
    Make sure to check the number of endpoints to avoid dereferencing a
    NULL-pointer or accessing memory beyond the endpoint array should a
    malicious device lack the expected endpoints.
    
    Note that the endpoint access that causes the NULL-deref is currently
    only used for debugging purposes during probe so the oops only happens
    when dynamic debugging is enabled. This means the driver could be
    rewritten to continue to accept device with only two endpoints, should
    such devices exist.
    
    Fixes: 1da177e4 ("Linux-2.6.12-rc2")
    Signed-off-by: default avatarJohan Hovold <johan@kernel.org>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    e4942716
uss720.c 22.4 KB