cdc-acm: hardening against malicious devices
authorOliver Neukum <oneukum@suse.com>
Tue, 20 Sep 2016 13:45:42 +0000 (15:45 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 21 Sep 2016 07:48:27 +0000 (09:48 +0200)
This should fix the last holes against malicious devices
still open in cdc-acm. It cannot go into stable due to
the introduction of the common parser.
The fix for stable already merged also covers the problems this patch
fixes.

Signed-off-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/usb/class/cdc-acm.c

index 15ffe389b86f2034821f60a2d2d187e0ce21a299..78f0f85bebdc25ef971405175feb621865f4cad1 100644 (file)
@@ -1179,6 +1179,9 @@ static int acm_probe(struct usb_interface *intf,
                return -EINVAL;
        }
 
+       if (!intf->cur_altsetting)
+               return -EINVAL;
+
        if (!buflen) {
                if (intf->cur_altsetting->endpoint &&
                                intf->cur_altsetting->endpoint->extralen &&
@@ -1232,6 +1235,8 @@ static int acm_probe(struct usb_interface *intf,
                dev_dbg(&intf->dev, "no interfaces\n");
                return -ENODEV;
        }
+       if (!data_interface->cur_altsetting || !control_interface->cur_altsetting)
+               return -ENODEV;
 
        if (data_intf_num != call_intf_num)
                dev_dbg(&intf->dev, "Separate call control interface. That is not fully supported.\n");