[PATCH] cypress_m8: add sanity checking

2016-03-20 Thread Oliver Neukum 
An attack using missing endpoints exists.
CVE-2016-3137

Signed-off-by: Oliver Neukum 
CC: sta...@vger.kernel.org
---
 drivers/usb/serial/cypress_m8.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/usb/serial/cypress_m8.c b/drivers/usb/serial/cypress_m8.c
index 01bf533..1c6cbf5 100644
--- a/drivers/usb/serial/cypress_m8.c
+++ b/drivers/usb/serial/cypress_m8.c
@@ -447,6 +447,9 @@ static int cypress_generic_port_probe(struct 
usb_serial_port *port)
struct usb_serial *serial = port->serial;
struct cypress_private *priv;
 
+   if (!port->interrupt_out_urb || !port->interrupt_in_urb)
+   return -ENODEV;
+
priv = kzalloc(sizeof(struct cypress_private), GFP_KERNEL);
if (!priv)
return -ENOMEM;
-- 
2.1.4

--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] cypress_m8: add sanity checking

2016-03-19 Thread Johan Hovold 
On Thu, Mar 17, 2016 at 11:07:31AM +0100, Oliver Neukum wrote:
> An attack using missing endpoints exists.
> CVE-2016-3137
> 
> Signed-off-by: Oliver Neukum 
> CC: sta...@vger.kernel.org
> ---
>  drivers/usb/serial/cypress_m8.c | 12 ++--
>  1 file changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/drivers/usb/serial/cypress_m8.c b/drivers/usb/serial/cypress_m8.c
> index 01bf533..8eeff72 100644
> --- a/drivers/usb/serial/cypress_m8.c
> +++ b/drivers/usb/serial/cypress_m8.c
> @@ -447,6 +447,12 @@ static int cypress_generic_port_probe(struct 
> usb_serial_port *port)
>   struct usb_serial *serial = port->serial;
>   struct cypress_private *priv;
>  
> + if (!port->interrupt_out_urb || !port->interrupt_in_urb) {
> + dev_err(>dev,
> + "cypress_m8 is missing a required endpoint");

Trailing '\n' missing.

No need to include the driver name here, it will be added by dev_err.

Also please include a patch revision in the summary when resending (and
a changelog below the cut-off line).

Thanks,
Johan
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] cypress_m8: add sanity checking

2016-03-19 Thread Johan Hovold 
On Wed, Mar 16, 2016 at 03:19:49PM +0100, Oliver Neukum wrote:
> An attack using missing endpoints exists.
> CVE-2016-3137
> 
> Signed-off-by: Oliver Neukum 
> CC: sta...@vger.kernel.org
> ---
>  drivers/usb/serial/cypress_m8.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/drivers/usb/serial/cypress_m8.c b/drivers/usb/serial/cypress_m8.c
> index 01bf533..1c6cbf5 100644
> --- a/drivers/usb/serial/cypress_m8.c
> +++ b/drivers/usb/serial/cypress_m8.c
> @@ -447,6 +447,9 @@ static int cypress_generic_port_probe(struct 
> usb_serial_port *port)
>   struct usb_serial *serial = port->serial;
>   struct cypress_private *priv;
>  
> + if (!port->interrupt_out_urb || !port->interrupt_in_urb)
> + return -ENODEV;
> +

This look good, but would you mind adding dev_err in case the expected
endpoints are missing?

You can also remove the interrupt-in-urb check in open().

>   priv = kzalloc(sizeof(struct cypress_private), GFP_KERNEL);
>   if (!priv)
>   return -ENOMEM;

Thanks,
Johan
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH] cypress_m8: add sanity checking

2016-03-19 Thread Oliver Neukum 
An attack using missing endpoints exists.
CVE-2016-3137

Signed-off-by: Oliver Neukum 
CC: sta...@vger.kernel.org
---
 drivers/usb/serial/cypress_m8.c | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/drivers/usb/serial/cypress_m8.c b/drivers/usb/serial/cypress_m8.c
index 01bf533..8eeff72 100644
--- a/drivers/usb/serial/cypress_m8.c
+++ b/drivers/usb/serial/cypress_m8.c
@@ -447,6 +447,12 @@ static int cypress_generic_port_probe(struct 
usb_serial_port *port)
struct usb_serial *serial = port->serial;
struct cypress_private *priv;
 
+   if (!port->interrupt_out_urb || !port->interrupt_in_urb) {
+   dev_err(>dev,
+   "cypress_m8 is missing a required endpoint");
+   return -ENODEV;
+   }
+
priv = kzalloc(sizeof(struct cypress_private), GFP_KERNEL);
if (!priv)
return -ENOMEM;
@@ -606,12 +612,6 @@ static int cypress_open(struct tty_struct *tty, struct 
usb_serial_port *port)
cypress_set_termios(tty, port, >tmp_termios);
 
/* setup the port and start reading from the device */
-   if (!port->interrupt_in_urb) {
-   dev_err(>dev, "%s - interrupt_in_urb is empty!\n",
-   __func__);
-   return -1;
-   }
-
usb_fill_int_urb(port->interrupt_in_urb, serial->dev,
usb_rcvintpipe(serial->dev, port->interrupt_in_endpointAddress),
port->interrupt_in_urb->transfer_buffer,
-- 
2.1.4

--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html