This is a note to let you know that I've just added the patch titled
Input: xpad - validate USB endpoint count during probe
to the 4.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
input-xpad-validate-usb-endpoint-count-during-probe.patch
and it can be found in the queue-4.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From caca925fca4fb30c67be88cacbe908eec6721e43 Mon Sep 17 00:00:00 2001
From: Cameron Gutman <aicommander@xxxxxxxxx>
Date: Wed, 29 Jun 2016 09:51:35 -0700
Subject: Input: xpad - validate USB endpoint count during probe
From: Cameron Gutman <aicommander@xxxxxxxxx>
commit caca925fca4fb30c67be88cacbe908eec6721e43 upstream.
This prevents a malicious USB device from causing an oops.
Signed-off-by: Cameron Gutman <aicommander@xxxxxxxxx>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/input/joystick/xpad.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/input/joystick/xpad.c
+++ b/drivers/input/joystick/xpad.c
@@ -1200,6 +1200,9 @@ static int xpad_probe(struct usb_interfa
int ep_irq_in_idx;
int i, error;
+ if (intf->cur_altsetting->desc.bNumEndpoints != 2)
+ return -ENODEV;
+
for (i = 0; xpad_device[i].idVendor; i++) {
if ((le16_to_cpu(udev->descriptor.idVendor) == xpad_device[i].idVendor) &&
(le16_to_cpu(udev->descriptor.idProduct) == xpad_device[i].idProduct))
Patches currently in stable-queue which might be from aicommander@xxxxxxxxx are
queue-4.4/input-xpad-validate-usb-endpoint-count-during-probe.patch
queue-4.4/input-xpad-fix-oops-when-attaching-an-unknown-xbox-one-gamepad.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html