On 13 March 2017 at 13:40, Johan Hovold <[email protected]> wrote: > Make sure to check the number of endpoints to avoid dereferencing a > NULL-pointer should a malicious device lack endpoints. > > Fixes: 53f3a9e26ed5 ("mmc: USB SD Host Controller (USHC) driver") > Cc: stable <[email protected]> # 2.6.37 > Cc: David Vrabel <[email protected]> > Signed-off-by: Johan Hovold <[email protected]>
Thanks, applied for fixes! Kind regards Uffe > --- > drivers/mmc/host/ushc.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/mmc/host/ushc.c b/drivers/mmc/host/ushc.c > index d2c386f09d69..1d843357422e 100644 > --- a/drivers/mmc/host/ushc.c > +++ b/drivers/mmc/host/ushc.c > @@ -426,6 +426,9 @@ static int ushc_probe(struct usb_interface *intf, const > struct usb_device_id *id > struct ushc_data *ushc; > int ret; > > + if (intf->cur_altsetting->desc.bNumEndpoints < 1) > + return -ENODEV; > + > mmc = mmc_alloc_host(sizeof(struct ushc_data), &intf->dev); > if (mmc == NULL) > return -ENOMEM; > -- > 2.12.0 >
