rpms / kernel

Clone
Source Code
GIT

Blame cypress_m8-add-sanity-checking.patch

26 Label_NFS f10 f11 f12 f12-user-myoung-xendom0 f13 f13-2.6.33-master f13-user-steved-pnfs-13 f14 f14-user-kyle-bz664206 f14-user-kyle-f14-2.6.37 f14-user-lkundrak-vaio-brightness-645937 f14-user-steved-pnfs-f14 f15 f15-2.6.39 f15-30-going-on-40 f15-user-steved-pnfs-f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f25-pf f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 f7 f8 f9 main oneoffs private-jcm-arm-nosmp-kallsyms private-jcm-arm-nosmp-kallsyms-f17 private-nhorman-sgx-v15 rawhide rhbz_1205083 stabilization talos user/steved/f19-lnfs-v3.8 user/steved/f19-lnfs-v3.8-rc7
  1.   5724250a0ad240f39326cf6ba1d15593fe0fd95f
  2.   cypress_m8-add-sanity-checking.patch
Blob History Raw
6204283 
From f7a3aa353011e38e119adebd845b38551587a26a Mon Sep 17 00:00:00 2001
6204283 
From: Oliver Neukum <oneukum@suse.com>
6204283 
Date: Thu, 17 Mar 2016 16:25:33 +0100
6204283 
Subject: [PATCH] cypress_m8: add sanity checking
6204283
6204283 
An attack using missing endpoints exists.
6204283 
CVE-2016-3137
6204283
6204283 
Signed-off-by: Oliver Neukum <ONeukum@suse.com>
6204283 
CC: stable@vger.kernel.org
6204283
6204283 
v1 - add sanity check
6204283 
v2 - add error logging
6204283 
v3 - correct error message
6204283 
---
6204283 
 drivers/usb/serial/cypress_m8.c | 11 +++++------
6204283 
 1 file changed, 5 insertions(+), 6 deletions(-)
6204283
6204283 
diff --git a/drivers/usb/serial/cypress_m8.c b/drivers/usb/serial/cypress_m8.c
6204283 
index 01bf53392819..5e25443fe4ef 100644
6204283 
--- a/drivers/usb/serial/cypress_m8.c
6204283 
+++ b/drivers/usb/serial/cypress_m8.c
6204283 
@@ -447,6 +447,11 @@ static int cypress_generic_port_probe(struct usb_serial_port *port)
6204283 
 	struct usb_serial *serial = port->serial;
6204283 
 	struct cypress_private *priv;
6204283
6204283 
+	if (!port->interrupt_out_urb || !port->interrupt_in_urb) {
6204283 
+		dev_err(&port->dev, "A required endpoint is missing\n");
6204283 
+		return -ENODEV;
6204283 
+	}
6204283 
+
6204283 
 	priv = kzalloc(sizeof(struct cypress_private), GFP_KERNEL);
6204283 
 	if (!priv)
6204283 
 		return -ENOMEM;
6204283 
@@ -606,12 +611,6 @@ static int cypress_open(struct tty_struct *tty, struct usb_serial_port *port)
6204283 
 		cypress_set_termios(tty, port, &priv->tmp_termios);
6204283
6204283 
 	/* setup the port and start reading from the device */
6204283 
-	if (!port->interrupt_in_urb) {
6204283 
-		dev_err(&port->dev, "%s - interrupt_in_urb is empty!\n",
6204283 
-			__func__);
6204283 
-		return -1;
6204283 
-	}
6204283 
-
6204283 
 	usb_fill_int_urb(port->interrupt_in_urb, serial->dev,
6204283 
 		usb_rcvintpipe(serial->dev, port->interrupt_in_endpointAddress),
6204283 
 		port->interrupt_in_urb->transfer_buffer,
6204283 
--
6204283 
2.5.0
6204283
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.