On Wed, 2016-03-16 at 10:58 -0400, Johan Hovold wrote:
> Note that this needs to be done for not just the port structure
> (ds_oob_port) by making sure that the serial->num_ports is large
> enough,
> but also that the oob-port has indeed got a write urb allocated (i.e.
> that all expected bulk-out endpoints are available)
How about this version?
We really should have a way to specify that to the generic serial
driver.
Regards
Oliver
From 75c015b7281411abbfc4c148e648786258cffedb Mon Sep 17 00:00:00 2001
From: Oliver Neukum <[email protected]>
Date: Mon, 14 Mar 2016 15:33:15 +0100
Subject: [PATCH] digi_acceleport: do sanity checking for the number of ports
The driver can be crashed with devices that expose crafted
descriptors with too few endpoints.
See:
http://seclists.org/bugtraq/2016/Mar/61
Signed-off-by: Oliver Neukum <[email protected]>
---
drivers/usb/serial/digi_acceleport.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/usb/serial/digi_acceleport.c b/drivers/usb/serial/digi_acceleport.c
index 12b0e67..40584d5 100644
--- a/drivers/usb/serial/digi_acceleport.c
+++ b/drivers/usb/serial/digi_acceleport.c
@@ -1302,6 +1302,9 @@ static void digi_release(struct usb_serial *serial)
static int digi_port_probe(struct usb_serial_port *port)
{
+ if (!port->read_urb || !port->write_urb)
+ return -ENODEV;
+
return digi_port_init(port, port->port_number);
}
--
2.1.4
