On Wed, 2016-03-16 at 10:58 -0400, Johan Hovold wrote: > Note that this needs to be done for not just the port structure > (ds_oob_port) by making sure that the serial->num_ports is large > enough, > but also that the oob-port has indeed got a write urb allocated (i.e. > that all expected bulk-out endpoints are available) How about this version? We really should have a way to specify that to the generic serial driver. Regards Oliver
From 75c015b7281411abbfc4c148e648786258cffedb Mon Sep 17 00:00:00 2001 From: Oliver Neukum <oneukum@xxxxxxxx> Date: Mon, 14 Mar 2016 15:33:15 +0100 Subject: [PATCH] digi_acceleport: do sanity checking for the number of ports The driver can be crashed with devices that expose crafted descriptors with too few endpoints. See: http://seclists.org/bugtraq/2016/Mar/61 Signed-off-by: Oliver Neukum <ONeukum@xxxxxxxx> --- drivers/usb/serial/digi_acceleport.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/usb/serial/digi_acceleport.c b/drivers/usb/serial/digi_acceleport.c index 12b0e67..40584d5 100644 --- a/drivers/usb/serial/digi_acceleport.c +++ b/drivers/usb/serial/digi_acceleport.c @@ -1302,6 +1302,9 @@ static void digi_release(struct usb_serial *serial) static int digi_port_probe(struct usb_serial_port *port) { + if (!port->read_urb || !port->write_urb) + return -ENODEV; + return digi_port_init(port, port->port_number); } -- 2.1.4
