From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linuxfoundation.org ([140.211.169.12]:36731 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932585AbcHHTUY (ORCPT ); Mon, 8 Aug 2016 15:20:24 -0400 From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Cameron Gutman , Dmitry Torokhov Subject: [PATCH 4.6 41/96] Input: xpad - validate USB endpoint count during probe Date: Mon, 8 Aug 2016 21:11:04 +0200 Message-Id: <20160808180245.690537056@linuxfoundation.org> In-Reply-To: <20160808180243.898163389@linuxfoundation.org> References: <20160808180243.898163389@linuxfoundation.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: stable-owner@vger.kernel.org List-ID: 4.6-stable review patch. If anyone has any objections, please let me know. ------------------ From: Cameron Gutman commit caca925fca4fb30c67be88cacbe908eec6721e43 upstream. This prevents a malicious USB device from causing an oops. Signed-off-by: Cameron Gutman Signed-off-by: Dmitry Torokhov Signed-off-by: Greg Kroah-Hartman --- drivers/input/joystick/xpad.c | 3 +++ 1 file changed, 3 insertions(+) --- a/drivers/input/joystick/xpad.c +++ b/drivers/input/joystick/xpad.c @@ -1421,6 +1421,9 @@ static int xpad_probe(struct usb_interfa int ep_irq_in_idx; int i, error; + if (intf->cur_altsetting->desc.bNumEndpoints != 2) + return -ENODEV; + for (i = 0; xpad_device[i].idVendor; i++) { if ((le16_to_cpu(udev->descriptor.idVendor) == xpad_device[i].idVendor) && (le16_to_cpu(udev->descriptor.idProduct) == xpad_device[i].idProduct))