USB: serial: mos7720: fix NULL-deref at open
authorJohan Hovold <johan@kernel.org>
Tue, 3 Jan 2017 15:39:50 +0000 (16:39 +0100)
committerJohan Hovold <johan@kernel.org>
Wed, 4 Jan 2017 09:37:19 +0000 (10:37 +0100)
Fix NULL-pointer dereference at port open if a device lacks the expected
bulk in and out endpoints.

Unable to handle kernel NULL pointer dereference at virtual address 00000030
...
[<bf071c20>] (mos7720_open [mos7720]) from [<bf0490e0>] (serial_port_activate+0x68/0x98 [usbserial])
[<bf0490e0>] (serial_port_activate [usbserial]) from [<c0470ca4>] (tty_port_open+0x9c/0xe8)
[<c0470ca4>] (tty_port_open) from [<bf049d98>] (serial_open+0x48/0x6c [usbserial])
[<bf049d98>] (serial_open [usbserial]) from [<c0469178>] (tty_open+0xcc/0x5cc)

Fixes: 0f64478cbc7a ("USB: add USB serial mos7720 driver")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
drivers/usb/serial/mos7720.c

index d52caa03679c6cbc5886316cb27d471d0c4b7bc4..3220d0bc767b2b394e83d29ed3b78aa9d9f8903b 100644 (file)
@@ -1917,6 +1917,11 @@ static int mos7720_startup(struct usb_serial *serial)
        u16 product;
        int ret_val;
 
+       if (serial->num_bulk_in < 2 || serial->num_bulk_out < 2) {
+               dev_err(&serial->interface->dev, "missing bulk endpoints\n");
+               return -ENODEV;
+       }
+
        product = le16_to_cpu(serial->dev->descriptor.idProduct);
        dev = serial->dev;