[PATCH 5/7] Input: hanwang - fix NULL-deref at probe

From: Johan Hovold
Date: Mon Mar 13 2017 - 08:36:52 EST

Next message: Johan Hovold: "[PATCH 4/7] Input: yealink - fix NULL-deref at probe"
Previous message: Johan Hovold: "[PATCH 7/7] Input: sur40 - fix NULL-deref at probe"
In reply to: Johan Hovold: "[PATCH 7/7] Input: sur40 - fix NULL-deref at probe"
Next in thread: Johan Hovold: "[PATCH 4/7] Input: yealink - fix NULL-deref at probe"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Make sure to check the number of endpoints to avoid dereferencing a
NULL-pointer should a malicious device lack endpoints.

Fixes: bba5394ad3bd ("Input: add support for Hanwang tablets")
Cc: stable <stable@xxxxxxxxxxxxxxx> # 2.6.37
Cc: Xing Wei <weixing@xxxxxxxxxxxxxx>
Cc: Jiri Kosina <jkosina@xxxxxxx>
Signed-off-by: Johan Hovold <johan@xxxxxxxxxx>
---
drivers/input/tablet/hanwang.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/drivers/input/tablet/hanwang.c b/drivers/input/tablet/hanwang.c
index cd852059b99e..df4bea96d7ed 100644
--- a/drivers/input/tablet/hanwang.c
+++ b/drivers/input/tablet/hanwang.c
@@ -340,6 +340,9 @@ static int hanwang_probe(struct usb_interface *intf, const struct usb_device_id
int error;
int i;

+ if (intf->cur_altsetting->desc.bNumEndpoints < 1)
+ return -ENODEV;
+
hanwang = kzalloc(sizeof(struct hanwang), GFP_KERNEL);
input_dev = input_allocate_device();
if (!hanwang || !input_dev) {
--
2.12.0

Next message: Johan Hovold: "[PATCH 4/7] Input: yealink - fix NULL-deref at probe"
Previous message: Johan Hovold: "[PATCH 7/7] Input: sur40 - fix NULL-deref at probe"
In reply to: Johan Hovold: "[PATCH 7/7] Input: sur40 - fix NULL-deref at probe"
Next in thread: Johan Hovold: "[PATCH 4/7] Input: yealink - fix NULL-deref at probe"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]