From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga04.intel.com ([192.55.52.120]:58939 "EHLO mga04.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750888AbcCYC7L (ORCPT ); Thu, 24 Mar 2016 22:59:11 -0400 From: Lu Baolu To: baolu.lu@linux.intel.com Cc: Oliver Neukum , stable@vger.kernel.org Subject: [PATCH 02/10] USB: cdc-acm: more sanity checking Date: Fri, 25 Mar 2016 10:58:58 +0800 Message-Id: <1458874746-958-2-git-send-email-baolu.lu@linux.intel.com> In-Reply-To: <1458874746-958-1-git-send-email-baolu.lu@linux.intel.com> References: <1458874746-958-1-git-send-email-baolu.lu@linux.intel.com> Sender: stable-owner@vger.kernel.org List-ID: From: Oliver Neukum An attack has become available which pretends to be a quirky device circumventing normal sanity checks and crashes the kernel by an insufficient number of interfaces. This patch adds a check to the code path for quirky devices. Signed-off-by: Oliver Neukum CC: stable@vger.kernel.org Signed-off-by: Greg Kroah-Hartman --- drivers/usb/class/cdc-acm.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c index 1d2c99a..83fd30b 100644 --- a/drivers/usb/class/cdc-acm.c +++ b/drivers/usb/class/cdc-acm.c @@ -1179,6 +1179,9 @@ static int acm_probe(struct usb_interface *intf, if (quirks == NO_UNION_NORMAL) { data_interface = usb_ifnum_to_if(usb_dev, 1); control_interface = usb_ifnum_to_if(usb_dev, 0); + /* we would crash */ + if (!data_interface || !control_interface) + return -ENODEV; goto skip_normal_probe; } -- 2.1.4