Input: iforce - validate number of endpoints before using them

Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer or accessing memory that lie beyond the end of the endpoint array should a malicious device lack the expected endpoints. Signed-off-by: Johan Hovold <johan@kernel.org> Cc: stable@vger.kernel.org Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>

Input: iforce - validate number of endpoints before using them
Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer or accessing memory that lie beyond the end of the endpoint array should a malicious device lack the expected endpoints. Signed-off-by: Johan Hovold <johan@kernel.org> Cc: stable@vger.kernel.org Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
59cf8bed · Johan Hovold · Dmitry Torokhov · 92ef6f97 · 59cf8bed
Commit 59cf8bed authored Mar 16, 2017 by Johan Hovold Committed by Dmitry Torokhov Mar 16, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 0 deletions

drivers/input/joystick/iforce/iforce-usb.c drivers/input/joystick/iforce/iforce-usb.c +3 -0

No files found.
--- a/drivers/input/joystick/iforce/iforce-usb.c
+++ b/drivers/input/joystick/iforce/iforce-usb.c
@@ -141,6 +141,9 @@ static int iforce_usb_probe(struct usb_interface *intf,

 	interface = intf->cur_altsetting;

+	if (interface->desc.bNumEndpoints < 2)
+		return -ENODEV;
+
 	epirq = &interface->endpoint[0].desc;
 	epout = &interface->endpoint[1].desc;