| From e4a3d94658b5760fc947d7f7185c57db47ca362a Mon Sep 17 00:00:00 2001 |
| From: Roel Kluin <roel.kluin@gmail.com> |
| Date: Thu, 18 Feb 2010 02:36:23 +0100 |
| Subject: USB: don't read past config->interface[] if usb_control_msg() fails in usb_reset_configuration() |
| |
| From: Roel Kluin <roel.kluin@gmail.com> |
| |
| commit e4a3d94658b5760fc947d7f7185c57db47ca362a upstream. |
| |
| While looping over the interfaces, if usb_hcd_alloc_bandwidth() fails it calls |
| hcd->driver->reset_bandwidth(), so there was no need to reinstate the interface |
| again. |
| |
| If no break occurred, the index equals config->desc.bNumInterfaces. A |
| subsequent usb_control_msg() failure resulted in a read from |
| config->interface[config->desc.bNumInterfaces] at label reset_old_alts. |
| |
| In either case the last interface should be skipped. |
| |
| Signed-off-by: Roel Kluin <roel.kluin@gmail.com> |
| Acked-by: Alan Stern <stern@rowland.harvard.edu> |
| Acked-by: Sarah Sharp <sarah.a.sharp@linux.intel.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| drivers/usb/core/message.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- a/drivers/usb/core/message.c |
| +++ b/drivers/usb/core/message.c |
| @@ -1471,7 +1471,7 @@ int usb_reset_configuration(struct usb_d |
| /* If not, reinstate the old alternate settings */ |
| if (retval < 0) { |
| reset_old_alts: |
| - for (; i >= 0; i--) { |
| + for (i--; i >= 0; i--) { |
| struct usb_interface *intf = config->interface[i]; |
| struct usb_host_interface *alt; |
| |
