| From 8835ba4a39cf53f705417b3b3a94eb067673f2c9 Mon Sep 17 00:00:00 2001 |
| From: Oliver Neukum <oneukum@suse.com> |
| Date: Tue, 15 Mar 2016 10:14:04 +0100 |
| Subject: USB: cdc-acm: more sanity checking |
| |
| From: Oliver Neukum <oneukum@suse.com> |
| |
| commit 8835ba4a39cf53f705417b3b3a94eb067673f2c9 upstream. |
| |
| An attack has become available which pretends to be a quirky |
| device circumventing normal sanity checks and crashes the kernel |
| by an insufficient number of interfaces. This patch adds a check |
| to the code path for quirky devices. |
| |
| Signed-off-by: Oliver Neukum <ONeukum@suse.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| drivers/usb/class/cdc-acm.c | 3 +++ |
| 1 file changed, 3 insertions(+) |
| |
| --- a/drivers/usb/class/cdc-acm.c |
| +++ b/drivers/usb/class/cdc-acm.c |
| @@ -1114,6 +1114,9 @@ static int acm_probe(struct usb_interfac |
| if (quirks == NO_UNION_NORMAL) { |
| data_interface = usb_ifnum_to_if(usb_dev, 1); |
| control_interface = usb_ifnum_to_if(usb_dev, 0); |
| + /* we would crash */ |
| + if (!data_interface || !control_interface) |
| + return -ENODEV; |
| goto skip_normal_probe; |
| } |
| |