[PATCH 11/24] USB: serial: mos7720: fix NULL-deref at open

stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Johan Hovold <johan@kernel.org>
To: linux-usb@vger.kernel.org
Cc: Johan Hovold <johan@kernel.org>, stable <stable@vger.kernel.org>
Subject: [PATCH 11/24] USB: serial: mos7720: fix NULL-deref at open
Date: Tue,  3 Jan 2017 16:39:50 +0100	[thread overview]
Message-ID: <20170103154003.31860-12-johan@kernel.org> (raw)
In-Reply-To: <20170103154003.31860-1-johan@kernel.org>

Fix NULL-pointer dereference at port open if a device lacks the expected
bulk in and out endpoints.

Unable to handle kernel NULL pointer dereference at virtual address 00000030
...
[<bf071c20>] (mos7720_open [mos7720]) from [<bf0490e0>] (serial_port_activate+0x68/0x98 [usbserial])
[<bf0490e0>] (serial_port_activate [usbserial]) from [<c0470ca4>] (tty_port_open+0x9c/0xe8)
[<c0470ca4>] (tty_port_open) from [<bf049d98>] (serial_open+0x48/0x6c [usbserial])
[<bf049d98>] (serial_open [usbserial]) from [<c0469178>] (tty_open+0xcc/0x5cc)

Fixes: 0f64478cbc7a ("USB: add USB serial mos7720 driver")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
---
 drivers/usb/serial/mos7720.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/usb/serial/mos7720.c b/drivers/usb/serial/mos7720.c
index d52caa03679c..3220d0bc767b 100644
--- a/drivers/usb/serial/mos7720.c
+++ b/drivers/usb/serial/mos7720.c
@@ -1917,6 +1917,11 @@ static int mos7720_startup(struct usb_serial *serial)
 	u16 product;
 	int ret_val;

+	if (serial->num_bulk_in < 2 || serial->num_bulk_out < 2) {
+		dev_err(&serial->interface->dev, "missing bulk endpoints\n");
+		return -ENODEV;
+	}
+
 	product = le16_to_cpu(serial->dev->descriptor.idProduct);
 	dev = serial->dev;

-- 
2.10.2

next prev parent reply	other threads:[~2017-01-03 15:40 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20170103154003.31860-1-johan@kernel.org>
2017-01-03 15:39 ` [PATCH 01/24] USB: serial: cyberjack: fix NULL-deref at open Johan Hovold
2017-01-03 16:27   ` Greg KH
2017-01-03 16:48     ` Johan Hovold
2017-01-03 16:55       ` Greg KH
2017-01-03 15:39 ` [PATCH 02/24] USB: serial: garmin_gps: fix memory leak on failed URB submit Johan Hovold
2017-01-03 15:39 ` [PATCH 03/24] USB: serial: io_edgeport: fix NULL-deref at open Johan Hovold
2017-01-03 15:39 ` [PATCH 04/24] USB: serial: io_ti: " Johan Hovold
2017-01-03 15:39 ` [PATCH 05/24] USB: serial: io_ti: fix another " Johan Hovold
2017-01-03 15:39 ` [PATCH 06/24] USB: serial: io_ti: fix I/O after disconnect Johan Hovold
2017-01-03 15:39 ` [PATCH 08/24] USB: serial: iuu_phoenix: fix NULL-deref at open Johan Hovold
2017-01-03 15:39 ` [PATCH 09/24] USB: serial: keyspan_pda: verify endpoints at probe Johan Hovold
2017-01-03 15:39 ` [PATCH 10/24] USB: serial: kobil_sct: fix NULL-deref in write Johan Hovold
2017-01-03 15:39 ` Johan Hovold [this message]
2017-01-03 15:39 ` [PATCH 12/24] USB: serial: mos7720: fix use-after-free on probe errors Johan Hovold
2017-01-03 15:39 ` [PATCH 13/24] USB: serial: mos7720: fix parport " Johan Hovold
2017-01-03 15:39 ` [PATCH 14/24] USB: serial: mos7720: fix parallel probe Johan Hovold
2017-01-03 15:39 ` [PATCH 16/24] USB: serial: mos7840: fix NULL-deref at open Johan Hovold
2017-01-03 15:39 ` [PATCH 19/24] USB: serial: omninet: fix NULL-derefs at open and disconnect Johan Hovold
2017-01-03 15:39 ` [PATCH 20/24] USB: serial: oti6858: fix NULL-deref at open Johan Hovold
2017-01-03 15:40 ` [PATCH 21/24] USB: serial: pl2303: " Johan Hovold
2017-01-03 15:40 ` [PATCH 22/24] USB: serial: quatech2: fix sleep-while-atomic in close Johan Hovold
2017-01-03 15:40 ` [PATCH 23/24] USB: serial: spcp8x5: fix NULL-deref at open Johan Hovold
2017-01-03 15:40 ` [PATCH 24/24] USB: serial: ti_usb_3410_5052: " Johan Hovold

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:d52caa03679 dfblob:3220d0bc767 )
 OR (
bs:"[PATCH 11/24] USB: serial: mos7720: fix NULL-deref at open" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170103154003.31860-12-johan@kernel.org \
    --to=johan@kernel.org \
    --cc=linux-usb@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).