From: Jeff Garzik <jgarzik@pobox.com>
To: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
Cc: netdev@vger.kernel.org, dbrownell@users.sourceforge.net,
davem@davemloft.net
Subject: Re: [PATCH 2.6.25][resend] rndis_host: fix oops when query for OID_GEN_PHYSICAL_MEDIUM fails
Date: Tue, 25 Mar 2008 23:20:35 -0400 [thread overview]
Message-ID: <47E9C103.8050608@pobox.com> (raw)
In-Reply-To: <20080323104535.10317.33658.stgit@fate.lan>
Jussi Kivilinna wrote:
> From: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
>
> When query for OID_GEN_PHYSICAL_MEDIUM fails, uninitialized pointer
> 'phym' is being accessed in generic_rndis_bind(), resulting OOPS.
> Patch fixes phym to be initialized and setup correctly when
> rndis_query() for physical medium fails.
>
> Bug was introduced by following commit:
> commit 039ee17d1baabaa21783a0d5ab3e8c6d8c794bdf
> Author: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
> Date: Sun Jan 27 23:34:33 2008 +0200
>
> Reported-by: Dmitri Monakhov <dmonakhov@openvz.org>
> Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
> Acked-by: David Brownell <dbrownell@users.sourceforge.net>
> ---
>
> drivers/net/usb/rndis_host.c | 9 ++++++---
> 1 files changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/net/usb/rndis_host.c b/drivers/net/usb/rndis_host.c
> index a613247..1b810ab 100644
> --- a/drivers/net/usb/rndis_host.c
> +++ b/drivers/net/usb/rndis_host.c
> @@ -287,7 +287,7 @@ generic_rndis_bind(struct usbnet *dev, struct usb_interface *intf, int flags)
> struct rndis_set_c *set_c;
> struct rndis_halt *halt;
> } u;
> - u32 tmp, *phym;
> + u32 tmp, phym_unspec, *phym;
> int reply_len;
> unsigned char *bp;
>
> @@ -359,12 +359,15 @@ generic_rndis_bind(struct usbnet *dev, struct usb_interface *intf, int flags)
> goto halt_fail_and_release;
>
> /* Check physical medium */
> + phym = NULL;
> reply_len = sizeof *phym;
> retval = rndis_query(dev, intf, u.buf, OID_GEN_PHYSICAL_MEDIUM,
> 0, (void **) &phym, &reply_len);
> - if (retval != 0)
> + if (retval != 0 || !phym) {
> /* OID is optional so don't fail here. */
> - *phym = RNDIS_PHYSICAL_MEDIUM_UNSPECIFIED;
> + phym_unspec = RNDIS_PHYSICAL_MEDIUM_UNSPECIFIED;
> + phym = &phym_unspec;
> + }
applied
prev parent reply other threads:[~2008-03-26 3:20 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-03-23 10:45 [PATCH 2.6.25][resend] rndis_host: fix oops when query for OID_GEN_PHYSICAL_MEDIUM fails Jussi Kivilinna
2008-03-26 3:20 ` Jeff Garzik [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47E9C103.8050608@pobox.com \
--to=jgarzik@pobox.com \
--cc=davem@davemloft.net \
--cc=dbrownell@users.sourceforge.net \
--cc=jussi.kivilinna@mbnet.fi \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.