| From e42f5de144b820efb4f9260ac9a8621c2183a7b2 Mon Sep 17 00:00:00 2001 |
| From: Johan Hovold <johan@kernel.org> |
| Date: Thu, 16 Mar 2017 11:34:02 -0700 |
| Subject: [PATCH] Input: iforce - validate number of endpoints before using |
| them |
| |
| commit 59cf8bed44a79ec42303151dd014fdb6434254bb upstream. |
| |
| Make sure to check the number of endpoints to avoid dereferencing a |
| NULL-pointer or accessing memory that lie beyond the end of the endpoint |
| array should a malicious device lack the expected endpoints. |
| |
| Signed-off-by: Johan Hovold <johan@kernel.org> |
| Cc: stable@vger.kernel.org |
| Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| |
| diff --git a/drivers/input/joystick/iforce/iforce-usb.c b/drivers/input/joystick/iforce/iforce-usb.c |
| index d96aa27dfcdc..db64adfbe1af 100644 |
| --- a/drivers/input/joystick/iforce/iforce-usb.c |
| +++ b/drivers/input/joystick/iforce/iforce-usb.c |
| @@ -141,6 +141,9 @@ static int iforce_usb_probe(struct usb_interface *intf, |
| |
| interface = intf->cur_altsetting; |
| |
| + if (interface->desc.bNumEndpoints < 2) |
| + return -ENODEV; |
| + |
| epirq = &interface->endpoint[0].desc; |
| epout = &interface->endpoint[1].desc; |
| |
| -- |
| 2.12.0 |
| |
