On Sun, 2016-01-03 at 20:50 +0100, Bjørn Mork wrote:
> 
> But like you, I cannot find the commit supposed to fix this.  There is
> no such commit in net, net-next, usb or usb-next AFAICS.  And I can't
> find any other relevant commit after the one introducing this bug
> either.  Did you forget to submit it maybe, Oliver?

Hi,

it seems I am becoming forgetful. Vasily, could you test?

        Regards
                Oliver


From f78b52d522f9adfae32af8d7313b51f3af2fcf30 Mon Sep 17 00:00:00 2001
From: Oliver Neukum <oneu...@suse.com>
Date: Tue, 22 Sep 2015 15:45:21 +0200
Subject: [PATCH] cdc-acm: fix NULL pointer reference

The union descriptor must be checked. Its usage was conditional
before the parser was introduced.

Signed-off-by: Oliver Neukum <oneu...@suse.com>
---
 drivers/net/usb/cdc_ether.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/drivers/net/usb/cdc_ether.c b/drivers/net/usb/cdc_ether.c
index c78d3cb..437d9db 100644
--- a/drivers/net/usb/cdc_ether.c
+++ b/drivers/net/usb/cdc_ether.c
@@ -160,6 +160,12 @@ int usbnet_generic_cdc_bind(struct usbnet *dev, struct usb_interface *intf)
 	info->u = header.usb_cdc_union_desc;
 	info->header = header.usb_cdc_header_desc;
 	info->ether = header.usb_cdc_ether_desc;
+	if (!info->u) {
+		if (rndis)
+			goto skip;
+		else /* in that case a quirk is mandatory */
+			goto bad_desc;
+	}
 	/* we need a master/control interface (what we're
 	 * probed with) and a slave/data interface; union
 	 * descriptors sort this all out.
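Review bot: In the new `if (!info->u)` block, the non-RNDIS path takes the `bad_desc` exit without any log message, while the later check in this function reports which descriptor is missing through dev_dbg. Consider adding a dev_dbg before `goto bad_desc` so a missing union descriptor is diagnosable, and expanding the comment `/* in that case a quirk is mandatory */` to say what the quirk has to provide when there is no union descriptor. The `else` after `goto skip;` is redundant and can be dropped. Separately, the Subject prefix says `cdc-acm` but the diff touches drivers/net/usb/cdc_ether.c; the prefix should name the driver being patched.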
@@ -256,7 +262,7 @@ skip:
 			goto bad_desc;
 		}
 
-	} else if (!info->header || !info->u || (!rndis && !info->ether)) {
+	} else if (!info->header || (!rndis && !info->ether)) {
 		dev_dbg(&intf->dev, "missing cdc %s%s%sdescriptor\n",
 			info->header ? "" : "header ",
 			info->u ? "" : "union ",
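Review bot: With `!info->u` removed from the `else if` condition, the dev_dbg under it still passes `info->u ? "" : "union "`, so the message can name the union descriptor as missing even though that is no longer what triggers this branch. Either drop that argument together with one `%s`, or add a comment that the union state is printed for information only. Given the check added in the first hunk, a NULL `info->u` gets past that check only in the RNDIS case, which is worth stating next to this condition so the asymmetry with `info->header` and `info->ether` is not mistaken for an oversight.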
-- 
2.1.4
