Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp91572ybi; Fri, 26 Jul 2019 06:37:22 -0700 (PDT) X-Google-Smtp-Source: APXvYqwHdTc+451jD6hW3mwMu4isrQ5usyJQVLyeUAh42M4QbbiGu3w8ZyWsCwYicOg1ICLc/I1x X-Received: by 2002:a65:4b8b:: with SMTP id t11mr91050913pgq.130.1564148242377; Fri, 26 Jul 2019 06:37:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1564148242; cv=none; d=google.com; s=arc-20160816; b=dAsQJnOnvlYB92BTYEoIrysnx7crvY4qZXJclVbiX4TqBgNpD9mp3m5byRFl2edIZX +zXIietRa06svmIMdGitk8VzKsF2pUMx2C+sfRfpxESH5+bL6lVHuwV2MzRYQuK/Mw+7 /MQBIZyDg0OThx+v2QMSDmUWdrt8hPEVwIA+9bOgEOLTyiUFREiGttAbjmBvAQ3/mJL3 IWkiypHjh8bQ91ykX6udcgv8KYfYM13LEJiQQzflMt+TjBnE0JBh0DSkpGV+PLzqxSzw Zf1HVHT4Y55lQxrdVIuZs03AmzsgMklvo0rUbvkKwJlXRpQp/h02l0TGSgsgtvqHmFpM uX6A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=5vo7sld/uL/U9JDdD3PiiYj0frOzh5KbSziKzqfPl7Y=; b=cUwkhB0ipkiDsiJsnWbN/WnqYoDDqN1HS5m3h9KRcirt+twYaqazi0EJ2xxhnr6hQe EEpqClaacuIfSomiGUD0R6F0z9eAloS8F/EqoG92HxKpJ2bchjMvTsRXfGhRQ9xwoyFn gfAoZx20bMlDecpg8DfvJlLSKJoC0tlqr3HzquiEW3f4CNYEWoiL7hDd5UfjAdqZh2gW G5ckRA8QJ9gij8jcTSkc1SjZ9uLeDcdHY6t3rm9dBAEFJZ0tskN8N5gkpVRimUhAsNkM 1nAEKyhMWEKa2Gy0DeH+3NyOiDGH8mFn9qbfN1nf9KIedaKT0n8ZhGSiZqphh6oVGtvh naBA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=bvaxc3gC; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h6si19252165pll.313.2019.07.26.06.37.07; Fri, 26 Jul 2019 06:37:22 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=bvaxc3gC; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727294AbfGZNfk (ORCPT + 99 others); Fri, 26 Jul 2019 09:35:40 -0400 Received: from mail-pg1-f196.google.com ([209.85.215.196]:41419 "EHLO mail-pg1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726265AbfGZNfk (ORCPT ); Fri, 26 Jul 2019 09:35:40 -0400 Received: by mail-pg1-f196.google.com with SMTP id x15so14464511pgg.8; Fri, 26 Jul 2019 06:35:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=5vo7sld/uL/U9JDdD3PiiYj0frOzh5KbSziKzqfPl7Y=; b=bvaxc3gCcfame+Q7d7uO/NY/FkQ9rJUTag603siglBaLoqGN8SEYdK3RHmkYQCG+p9 84Em6VvzsTR1HT9pWwSAOEMm4sIvfSxX8z3M37/QctZRxtzNv6el8uI9JIlefP/x7P16 BOXigXPT75K1aiUumlTzYWOttmQITS9EZmRE3/W1cxVsHTZZ+JmnWKlr64+ADPFuVDvr pW4cAmx09+P9Yx79zqCMLjb6ZNQ+oglWkm9wFL+PwMH2VSFpmdHEDraifefvotPNk2cW vexG7n+hzYmIvjNJ1gXVN4fHgCAUnCJHa75ism5eSt7znXqBuNSD5dCrY1SpxweiQ43Q ndjw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=5vo7sld/uL/U9JDdD3PiiYj0frOzh5KbSziKzqfPl7Y=; b=JskinGmQNG7rtZr207huu1YrBRX/8OhbPd27X6tpGnSHFJW9M38En5qTYAJw8BQ2Vz zIJKKh81MtPj6HXwjSvlty8LCWj3Jj90qfzFSq8LN7CpciOAbqK0GOhc0HAH4KIZ3thS wIcbeztx1cnsXnVuvk0Hb6Q43uSAa9eCY7w6ueDfrgUNjwqT0qHxeFmko1yc4DRkADQ1 3zmbKBuWrJETqs/+2Kizi5GmGPNUXjhr1R9SXlCkWMe0NpV4NDl5KdEFBviRZFtqEf0c CEhQOS7FQzARLqIzKP+N93U6uuB1HdCT3znuFL1jCjdg0oquqZV10EyIckLrsxu/OuJP FqNw== X-Gm-Message-State: APjAAAVsqIaCzyTVvAlSbXE85vlnT2skuV1BZINKjHB3LtvRNgbebBUQ Nycy8fLvd4t5Sfkwoz6vWZo= X-Received: by 2002:a62:be0c:: with SMTP id l12mr22452326pff.224.1564148139716; Fri, 26 Jul 2019 06:35:39 -0700 (PDT) Received: from debian.net.fpt ([2405:4800:58f7:1782:e03a:f6b:ecba:b51]) by smtp.gmail.com with ESMTPSA id 137sm64940745pfz.112.2019.07.26.06.35.37 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Fri, 26 Jul 2019 06:35:39 -0700 (PDT) From: Phong Tran To: pebolle@tiscali.nl, isdn@linux-pingi.de, gregkh@linuxfoundation.org Cc: gigaset307x-common@lists.sourceforge.net, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kernel-mentees@lists.linuxfoundation.org, Phong Tran , syzbot+35b1c403a14f5c89eba7@syzkaller.appspotmail.com Subject: [PATCH] isdn/gigaset: check endpoint null in gigaset_probe Date: Fri, 26 Jul 2019 20:35:28 +0700 Message-Id: <20190726133528.11063-1-tranmanphong@gmail.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This fixed the potential reference NULL pointer while using variable endpoint. Reported-by: syzbot+35b1c403a14f5c89eba7@syzkaller.appspotmail.com Tested by syzbot: https://groups.google.com/d/msg/syzkaller-bugs/wnHG8eRNWEA/Qn2HhjNdBgAJ Signed-off-by: Phong Tran --- drivers/isdn/gigaset/usb-gigaset.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/drivers/isdn/gigaset/usb-gigaset.c b/drivers/isdn/gigaset/usb-gigaset.c index 1b9b43659bdf..2e011f3db59e 100644 --- a/drivers/isdn/gigaset/usb-gigaset.c +++ b/drivers/isdn/gigaset/usb-gigaset.c @@ -703,6 +703,10 @@ static int gigaset_probe(struct usb_interface *interface, usb_set_intfdata(interface, cs); endpoint = &hostif->endpoint[0].desc; + if (!endpoint) { + dev_err(cs->dev, "Couldn't get control endpoint\n"); + return -ENODEV; + } buffer_size = le16_to_cpu(endpoint->wMaxPacketSize); ucs->bulk_out_size = buffer_size; @@ -722,6 +726,11 @@ static int gigaset_probe(struct usb_interface *interface, } endpoint = &hostif->endpoint[1].desc; + if (!endpoint) { + dev_err(cs->dev, "Endpoint not available\n"); + retval = -ENODEV; + goto error; + } ucs->busy = 0; -- 2.20.1