From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-qg0-f51.google.com ([209.85.192.51]:36047 "EHLO mail-qg0-f51.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S934826AbcCPPH1 (ORCPT ); Wed, 16 Mar 2016 11:07:27 -0400 Date: Wed, 16 Mar 2016 11:08:21 -0400 From: Johan Hovold To: Oliver Neukum Cc: linux-usb@vger.kernel.org, johan@kernel.org, stable@vger.kernel.org Subject: Re: [PATCH] cypress_m8: add sanity checking Message-ID: <20160316150821.GC2546@localhost> References: <1458137989-30819-1-git-send-email-oneukum@suse.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1458137989-30819-1-git-send-email-oneukum@suse.com> Sender: stable-owner@vger.kernel.org List-ID: On Wed, Mar 16, 2016 at 03:19:49PM +0100, Oliver Neukum wrote: > An attack using missing endpoints exists. > CVE-2016-3137 > > Signed-off-by: Oliver Neukum > CC: stable@vger.kernel.org > --- > drivers/usb/serial/cypress_m8.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/usb/serial/cypress_m8.c b/drivers/usb/serial/cypress_m8.c > index 01bf533..1c6cbf5 100644 > --- a/drivers/usb/serial/cypress_m8.c > +++ b/drivers/usb/serial/cypress_m8.c > @@ -447,6 +447,9 @@ static int cypress_generic_port_probe(struct usb_serial_port *port) > struct usb_serial *serial = port->serial; > struct cypress_private *priv; > > + if (!port->interrupt_out_urb || !port->interrupt_in_urb) > + return -ENODEV; > + This look good, but would you mind adding dev_err in case the expected endpoints are missing? You can also remove the interrupt-in-urb check in open(). > priv = kzalloc(sizeof(struct cypress_private), GFP_KERNEL); > if (!priv) > return -ENOMEM; Thanks, Johan