Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933377AbcDKNsu (ORCPT ); Mon, 11 Apr 2016 09:48:50 -0400 Received: from mx2.suse.de ([195.135.220.15]:37426 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932427AbcDKNYC (ORCPT ); Mon, 11 Apr 2016 09:24:02 -0400 X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: "References" From: Jiri Slaby To: stable@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Oliver Neukum , Oliver Neukum , Jiri Slaby Subject: [PATCH 3.12 47/98] USB: cdc-acm: more sanity checking Date: Mon, 11 Apr 2016 15:22:49 +0200 Message-Id: <7e58c21f9ac2292e84fc88e1dac847bc51ab9d3e.1460380917.git.jslaby@suse.cz> X-Mailer: git-send-email 2.8.1 In-Reply-To: References: In-Reply-To: References: Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1106 Lines: 35 From: Oliver Neukum 3.12-stable review patch. If anyone has any objections, please let me know. =============== commit 8835ba4a39cf53f705417b3b3a94eb067673f2c9 upstream. An attack has become available which pretends to be a quirky device circumventing normal sanity checks and crashes the kernel by an insufficient number of interfaces. This patch adds a check to the code path for quirky devices. Signed-off-by: Oliver Neukum Signed-off-by: Jiri Slaby --- drivers/usb/class/cdc-acm.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c index c0ed832d8ad5..ba6b978d9de4 100644 --- a/drivers/usb/class/cdc-acm.c +++ b/drivers/usb/class/cdc-acm.c @@ -989,6 +989,9 @@ static int acm_probe(struct usb_interface *intf, if (quirks == NO_UNION_NORMAL) { data_interface = usb_ifnum_to_if(usb_dev, 1); control_interface = usb_ifnum_to_if(usb_dev, 0); + /* we would crash */ + if (!data_interface || !control_interface) + return -ENODEV; goto skip_normal_probe; } -- 2.8.1