On 13 March 2017 at 13:40, Johan Hovold <johan@xxxxxxxxxx> wrote:
> Make sure to check the number of endpoints to avoid dereferencing a
> NULL-pointer should a malicious device lack endpoints.
>
> Fixes: 53f3a9e26ed5 ("mmc: USB SD Host Controller (USHC) driver")
> Cc: stable <stable@xxxxxxxxxxxxxxx> # 2.6.37
> Cc: David Vrabel <david.vrabel@xxxxxxx>
> Signed-off-by: Johan Hovold <johan@xxxxxxxxxx>
Thanks, applied for fixes!
Kind regards
Uffe
> ---
> drivers/mmc/host/ushc.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/mmc/host/ushc.c b/drivers/mmc/host/ushc.c
> index d2c386f09d69..1d843357422e 100644
> --- a/drivers/mmc/host/ushc.c
> +++ b/drivers/mmc/host/ushc.c
> @@ -426,6 +426,9 @@ static int ushc_probe(struct usb_interface *intf, const struct usb_device_id *id
> struct ushc_data *ushc;
> int ret;
>
> + if (intf->cur_altsetting->desc.bNumEndpoints < 1)
> + return -ENODEV;
> +
> mmc = mmc_alloc_host(sizeof(struct ushc_data), &intf->dev);
> if (mmc == NULL)
> return -ENOMEM;
> --
> 2.12.0
>
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
