From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, syzbot+35b1c403a14f5c89eba7@syzkaller.appspotmail.com, Hansjoerg Lipp , Tilman Schmidt , Johan Hovold Subject: [PATCH 4.4 086/162] staging: gigaset: fix general protection fault on probe Date: Thu, 19 Dec 2019 19:33:14 +0100 Message-Id: <20191219183213.025639432@linuxfoundation.org> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20191219183150.477687052@linuxfoundation.org> References: <20191219183150.477687052@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Johan Hovold commit 53f35a39c3860baac1e5ca80bf052751cfb24a99 upstream. Fix a general protection fault when accessing the endpoint descriptors which could be triggered by a malicious device due to missing sanity checks on the number of endpoints. Reported-by: syzbot+35b1c403a14f5c89eba7@syzkaller.appspotmail.com Fixes: 07dc1f9f2f80 ("[PATCH] isdn4linux: Siemens Gigaset drivers - M105 USB DECT adapter") Cc: stable # 2.6.17 Cc: Hansjoerg Lipp Cc: Tilman Schmidt Signed-off-by: Johan Hovold Link: https://lore.kernel.org/r/20191202085610.12719-2-johan@kernel.org Signed-off-by: Greg Kroah-Hartman --- drivers/isdn/gigaset/usb-gigaset.c | 5 +++++ 1 file changed, 5 insertions(+) --- a/drivers/isdn/gigaset/usb-gigaset.c +++ b/drivers/isdn/gigaset/usb-gigaset.c @@ -688,6 +688,11 @@ static int gigaset_probe(struct usb_inte return -ENODEV; } + if (hostif->desc.bNumEndpoints < 2) { + dev_err(&interface->dev, "missing endpoints\n"); + return -ENODEV; + } + dev_info(&udev->dev, "%s: Device matched ... !\n", __func__); /* allocate memory for our device state and initialize it */
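Review bot: the new `hostif->desc.bNumEndpoints < 2` test in gigaset_probe() bounds only the number of endpoints, not their type or direction, so a device that reports two endpoints of an unexpected kind still passes this check. If the probe code after this point assumes a particular transfer type and direction for each endpoint, consider validating that as well before the descriptors are used, for example with the usb_endpoint_is_*() helpers from linux/usb/ch9.h that match what the driver expects. The literal 2 would also benefit from a short comment naming the two endpoints the driver needs, and the "missing endpoints" message could print the bNumEndpoints value it found so the rejection is easier to diagnose from the log.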