Tree - rpms/kernel - src.fedoraproject.org

Blob History Raw

		a01e1aa	`Subject: [PATCH v2] mct_u232: sanity checking in probe`
		a01e1aa	`From: Oliver Neukum <oneukum@suse.com>`
		a01e1aa	`Date: 2016-03-21 13:14:37`
		a01e1aa
		a01e1aa	`An attack using the lack of sanity checking in probe`
		a01e1aa	`is known. This patch checks for the existance of a`
		a01e1aa	`second port.`
		a01e1aa	`CVE-2016-3136`
		a01e1aa
		a01e1aa	`Signed-off-by: Oliver Neukum <ONeukum@suse.com>`
		a01e1aa	`CC: stable@vger.kernel.org`
		a01e1aa
		a01e1aa	`v1 - add sanity check for presence of a second port`
		a01e1aa	`v2 - add sanity check for an interrupt endpoint`
		a01e1aa	`---`
		a01e1aa	`drivers/usb/serial/mct_u232.c \| 4 ++++`
		a01e1aa	`1 file changed, 4 insertions(+)`
		a01e1aa
		a01e1aa	`diff --git a/drivers/usb/serial/mct_u232.c b/drivers/usb/serial/mct_u232.c`
		a01e1aa	`index 4446b8d..3e64538 100644`
		a01e1aa	`--- a/drivers/usb/serial/mct_u232.c`
		a01e1aa	`+++ b/drivers/usb/serial/mct_u232.c`
		a01e1aa	`@@ -378,6 +378,10 @@ static int mct_u232_port_probe(struct usb_serial_port *port)`
		a01e1aa	`{`
		a01e1aa	`struct mct_u232_private *priv;`
		a01e1aa
		a01e1aa	`+ /* check first to simplify error handling */`
		a01e1aa	`+ if (!port->serial->port[1] \|\| !port->serial->port[1]->interrupt_in_urb)`
		a01e1aa	`+ return -ENODEV;`
		a01e1aa	`+`
		a01e1aa	`priv = kzalloc(sizeof(*priv), GFP_KERNEL);`
		a01e1aa	`if (!priv)`
		a01e1aa	`return -ENOMEM;`
		a01e1aa	`--`
		a01e1aa	`2.1.4`