[PATCH v2 1/4] usb: gadget: dfu: Reset global variables on unbind

Jules Maselbas Thu, 26 Mar 2020 11:49:21 -0700

Global variables must be reset to their default value before a new
dfu_bind is done. Otherwise things wont work and are likely to cause
a system crash due to a use after free: the global dfu_files was still
pointing deallocated structure after unbind.


Signed-off-by: Jules Maselbas <jmasel...@kalray.eu>
---
 drivers/usb/gadget/dfu.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/usb/gadget/dfu.c b/drivers/usb/gadget/dfu.c
index c2b3d481a..5bdcb68bf 100644
--- a/drivers/usb/gadget/dfu.c
+++ b/drivers/usb/gadget/dfu.c
@@ -271,6 +271,10 @@ dfu_unbind(struct usb_configuration *c, struct 
usb_function *f)
 {
        struct f_dfu            *dfu = func_to_dfu(f);
 
+       dfu_files = NULL;
+       dfu_file_entry = NULL;
+       dfudetach = 0;
+
        usb_free_all_descriptors(f);
 
        dma_free(dfu->dnreq->buf);
-- 
2.21.0.196.g041f5ea


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH v2 1/4] usb: gadget: dfu: Reset global variables on unbind

Reply via email to