[PATCH 3.12 103/235] USB: serial: mos7720: fix NULL-deref at open

From: Jiri Slaby
Date: Fri Jan 27 2017 - 06:48:49 EST


From: Johan Hovold <johan@xxxxxxxxxx>

3.12-stable review patch. If anyone has any objections, please let me know.

===============

commit b05aebc25fdc5aeeac3ee29f0dc9f58dd07c13cc upstream.

Fix NULL-pointer dereference at port open if a device lacks the expected
bulk in and out endpoints.

Unable to handle kernel NULL pointer dereference at virtual address 00000030
...
[<bf071c20>] (mos7720_open [mos7720]) from [<bf0490e0>] (serial_port_activate+0x68/0x98 [usbserial])
[<bf0490e0>] (serial_port_activate [usbserial]) from [<c0470ca4>] (tty_port_open+0x9c/0xe8)
[<c0470ca4>] (tty_port_open) from [<bf049d98>] (serial_open+0x48/0x6c [usbserial])
[<bf049d98>] (serial_open [usbserial]) from [<c0469178>] (tty_open+0xcc/0x5cc)

Fixes: 0f64478cbc7a ("USB: add USB serial mos7720 driver")
Signed-off-by: Johan Hovold <johan@xxxxxxxxxx>
Signed-off-by: Jiri Slaby <jslaby@xxxxxxx>
---
drivers/usb/serial/mos7720.c | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/drivers/usb/serial/mos7720.c b/drivers/usb/serial/mos7720.c
index d40e1dccb998..b0695b667fb2 100644
--- a/drivers/usb/serial/mos7720.c
+++ b/drivers/usb/serial/mos7720.c
@@ -1916,6 +1916,11 @@ static int mos7720_startup(struct usb_serial *serial)
u16 product;
int ret_val;

+ if (serial->num_bulk_in < 2 || serial->num_bulk_out < 2) {
+ dev_err(&serial->interface->dev, "missing bulk endpoints\n");
+ return -ENODEV;
+ }
+
product = le16_to_cpu(serial->dev->descriptor.idProduct);
dev = serial->dev;

--
2.11.0