This fixes a NULL pointer dereference triggered by an off-by-one
error, if the USB_REQ_SET_CONFIGURATION request to the device in
usb_reset_configuration() fails.
Signed-off-by: Michael Buesch <mb@xxxxxxxxx>
Cc: stable@xxxxxxxxxx
---
Alan, this fixes the crash.
Index: linux-2.6.33/drivers/usb/core/message.c
===================================================================
--- linux-2.6.33.orig/drivers/usb/core/message.c 2010-05-02 19:41:58.000000000 +0200
+++ linux-2.6.33/drivers/usb/core/message.c 2010-05-02 19:42:46.000000000 +0200
@@ -1489,8 +1489,10 @@ reset_old_alts:
USB_REQ_SET_CONFIGURATION, 0,
config->desc.bConfigurationValue, 0,
NULL, 0, USB_CTRL_SET_TIMEOUT);
- if (retval < 0)
+ if (retval < 0) {
+ i--;
goto reset_old_alts;
+ }
mutex_unlock(&hcd->bandwidth_mutex);
/* re-init hc/hcd interface/endpoint state */
--
Greetings, Michael.
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
