On Sun, 2016-01-03 at 20:50 +0100, Bjørn Mork wrote:
>
> But like you, I cannot find the commit supposed to fix this. There is
> no such commit in net, net-next, usb or usb-next AFAICS. And I can't
> find any other relevant commit after the one introducing this bug
> either. Did you forget to submit it maybe, Oliver?
Hi,
it seems I am becoming forgetful. Vasily, could you test?
Regards
Oliver
From f78b52d522f9adfae32af8d7313b51f3af2fcf30 Mon Sep 17 00:00:00 2001
From: Oliver Neukum <[email protected]>
Date: Tue, 22 Sep 2015 15:45:21 +0200
Subject: [PATCH] cdc-acm: fix NULL pointer reference
The union descriptor must be checked. Its usage was conditional
before the parser was introduced.
Signed-off-by: Oliver Neukum <[email protected]>
---
drivers/net/usb/cdc_ether.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/net/usb/cdc_ether.c b/drivers/net/usb/cdc_ether.c
index c78d3cb..437d9db 100644
--- a/drivers/net/usb/cdc_ether.c
+++ b/drivers/net/usb/cdc_ether.c
@@ -160,6 +160,12 @@ int usbnet_generic_cdc_bind(struct usbnet *dev, struct usb_interface *intf)
info->u = header.usb_cdc_union_desc;
info->header = header.usb_cdc_header_desc;
info->ether = header.usb_cdc_ether_desc;
+ if (!info->u) {
+ if (rndis)
+ goto skip;
+ else /* in that case a quirk is mandatory */
+ goto bad_desc;
+ }
/* we need a master/control interface (what we're
* probed with) and a slave/data interface; union
* descriptors sort this all out.
@@ -256,7 +262,7 @@ skip:
goto bad_desc;
}
- } else if (!info->header || !info->u || (!rndis && !info->ether)) {
+ } else if (!info->header || (!rndis && !info->ether)) {
dev_dbg(&intf->dev, "missing cdc %s%s%sdescriptor\n",
info->header ? "" : "header ",
info->u ? "" : "union ",
--
2.1.4
