3.2.80-rc1 review patch. If anyone has any objections, please let me know.
------------------ From: Oliver Neukum <oneu...@suse.com> commit 0b818e3956fc1ad976bee791eadcbb3b5fec5bfd upstream. Attacks that trick drivers into passing a NULL pointer to usb_driver_claim_interface() using forged descriptors are known. This thwarts them by sanity checking. Signed-off-by: Oliver Neukum <oneu...@suse.com> Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org> [bwh: Backported to 3.2: adjust context] Signed-off-by: Ben Hutchings <b...@decadent.org.uk> --- drivers/usb/core/driver.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) --- a/drivers/usb/core/driver.c +++ b/drivers/usb/core/driver.c @@ -428,9 +428,13 @@ static int usb_unbind_interface(struct d int usb_driver_claim_interface(struct usb_driver *driver, struct usb_interface *iface, void *priv) { - struct device *dev = &iface->dev; + struct device *dev; int retval = 0; + if (!iface) + return -ENODEV; + + dev = &iface->dev; if (dev->driver) return -EBUSY;