From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Cameron Gutman <aicommander@gmail.com>,
Dmitry Torokhov <dmitry.torokhov@gmail.com>
Subject: [PATCH 3.14 08/21] Input: xpad - validate USB endpoint count during probe
Date: Mon, 8 Aug 2016 21:09:39 +0200 [thread overview]
Message-ID: <20160808180144.289027343@linuxfoundation.org> (raw)
In-Reply-To: <20160808180143.919366850@linuxfoundation.org>
3.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Cameron Gutman <aicommander@gmail.com>
commit caca925fca4fb30c67be88cacbe908eec6721e43 upstream.
This prevents a malicious USB device from causing an oops.
Signed-off-by: Cameron Gutman <aicommander@gmail.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/input/joystick/xpad.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/input/joystick/xpad.c
+++ b/drivers/input/joystick/xpad.c
@@ -844,6 +844,9 @@ static int xpad_probe(struct usb_interfa
struct usb_endpoint_descriptor *ep_irq_in;
int i, error;
+ if (intf->cur_altsetting->desc.bNumEndpoints != 2)
+ return -ENODEV;
+
for (i = 0; xpad_device[i].idVendor; i++) {
if ((le16_to_cpu(udev->descriptor.idVendor) == xpad_device[i].idVendor) &&
(le16_to_cpu(udev->descriptor.idProduct) == xpad_device[i].idProduct))
next prev parent reply other threads:[~2016-08-08 19:10 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CGME20160808191004uscas1p26944bddcdda269e11e609e5ab288a7dc@uscas1p2.samsung.com>
2016-08-08 19:09 ` [PATCH 3.14 00/21] 3.14.75-stable review Greg Kroah-Hartman
2016-08-08 19:09 ` [PATCH 3.14 01/21] fs/nilfs2: fix potential underflow in call to crc32_le Greg Kroah-Hartman
2016-08-08 19:09 ` [PATCH 3.14 02/21] arc: unwind: warn only once if DW2_UNWIND is disabled Greg Kroah-Hartman
2016-08-08 19:09 ` [PATCH 3.14 03/21] xen/pciback: Fix conf_space read/write overlap check Greg Kroah-Hartman
2016-08-08 19:09 ` [PATCH 3.14 07/21] Input: wacom_w8001 - w8001_MAX_LENGTH should be 13 Greg Kroah-Hartman
2016-08-08 19:09 ` Greg Kroah-Hartman [this message]
2016-08-08 19:09 ` [PATCH 3.14 09/21] pinctrl: single: Fix missing flush of posted write for a wakeirq Greg Kroah-Hartman
2016-08-08 19:09 ` [PATCH 3.14 10/21] Revert "ecryptfs: forbid opening files without mmap handler" Greg Kroah-Hartman
2016-08-08 19:09 ` [PATCH 3.14 11/21] ecryptfs: dont allow mmap when the lower fs doesnt support it Greg Kroah-Hartman
2016-08-08 19:09 ` [PATCH 3.14 12/21] ARC: use ASL assembler mnemonic Greg Kroah-Hartman
2016-08-08 19:09 ` [PATCH 3.14 13/21] ext4: verify extent header depth Greg Kroah-Hartman
2016-08-08 19:09 ` [PATCH 3.14 14/21] qeth: delete napi struct when removing a qeth device Greg Kroah-Hartman
2016-08-08 19:09 ` [PATCH 3.14 15/21] mmc: block: fix packed command header endianness Greg Kroah-Hartman
2016-08-08 19:09 ` [PATCH 3.14 16/21] can: at91_can: RX queue could get stuck at high bus load Greg Kroah-Hartman
2016-08-08 19:09 ` [PATCH 3.14 17/21] can: fix handling of unmodifiable configuration options fix Greg Kroah-Hartman
2016-08-08 19:09 ` [PATCH 3.14 18/21] can: fix oops caused by wrong rtnl dellink usage Greg Kroah-Hartman
2016-08-08 19:09 ` [PATCH 3.14 19/21] ipr: Clear interrupt on croc/crocodile when running with LSI Greg Kroah-Hartman
2016-08-08 19:09 ` [PATCH 3.14 20/21] libceph: apply new_state before new_up_client on incrementals Greg Kroah-Hartman
2016-08-08 19:09 ` [PATCH 3.14 21/21] net: mvneta: set real interrupt per packet for tx_done Greg Kroah-Hartman
2016-08-09 4:16 ` [PATCH 3.14 00/21] 3.14.75-stable review Guenter Roeck
2016-08-09 8:19 ` Greg Kroah-Hartman
2016-08-09 15:09 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160808180144.289027343@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=aicommander@gmail.com \
--cc=dmitry.torokhov@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.