diff options
Diffstat (limited to 'input-gtco-fix-crash-on-detecting-device-without-end.patch')
| -rw-r--r-- | input-gtco-fix-crash-on-detecting-device-without-end.patch | 49 |
1 files changed, 0 insertions, 49 deletions
diff --git a/input-gtco-fix-crash-on-detecting-device-without-end.patch b/input-gtco-fix-crash-on-detecting-device-without-end.patch deleted file mode 100644 index 849f607a5..000000000 --- a/input-gtco-fix-crash-on-detecting-device-without-end.patch +++ /dev/null @@ -1,49 +0,0 @@ -Subject: [PATCH] Input: gtco: fix crash on detecting device without endpoints -From: Vladis Dronov <vdronov@redhat.com> -Date: 2016-03-18 18:35:00 - -The gtco driver expects at least one valid endpoint. If given -malicious descriptors that specify 0 for the number of endpoints, -it will crash in the probe function. Ensure there is at least -one endpoint on the interface before using it. Fix minor coding -style issue. - -The full report of this issue can be found here: -http://seclists.org/bugtraq/2016/Mar/86 - -Reported-by: Ralf Spenneberg <ralf@spenneberg.net> -Signed-off-by: Vladis Dronov <vdronov@redhat.com> ---- - drivers/input/tablet/gtco.c | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/drivers/input/tablet/gtco.c b/drivers/input/tablet/gtco.c -index 3a7f3a4..7c18249 100644 ---- a/drivers/input/tablet/gtco.c -+++ b/drivers/input/tablet/gtco.c -@@ -858,6 +858,14 @@ static int gtco_probe(struct usb_interface *usbinterface, - goto err_free_buf; - } - -+ /* Sanity check that a device has an endpoint */ -+ if (usbinterface->altsetting[0].desc.bNumEndpoints < 1) { -+ dev_err(&usbinterface->dev, -+ "Invalid number of endpoints\n"); -+ error = -EINVAL; -+ goto err_free_urb; -+ } -+ - /* - * The endpoint is always altsetting 0, we know this since we know - * this device only has one interrupt endpoint -@@ -879,7 +887,7 @@ static int gtco_probe(struct usb_interface *usbinterface, - * HID report descriptor - */ - if (usb_get_extra_descriptor(usbinterface->cur_altsetting, -- HID_DEVICE_TYPE, &hid_desc) != 0){ -+ HID_DEVICE_TYPE, &hid_desc) != 0) { - dev_err(&usbinterface->dev, - "Can't retrieve exta USB descriptor to get hid report descriptor length\n"); - error = -EIO; --- -2.5.0 |