[PATCH 4.13 48/53] USB: serial: console: fix use-after-free on disconnect

[Greg Kroah-Hartman]

4.13-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Johan Hovold <johan@xxxxxxxxxx>

commit bd998c2e0df0469707503023d50d46cf0b10c787 upstream.

A clean-up patch removing two redundant NULL-checks from the console
disconnect handler inadvertently also removed a third check. This could
lead to the struct usb_serial being prematurely freed by the console
code when a driver accepts but does not register any ports for an
interface which also lacks endpoint descriptors.

Fixes: 0e517c93dc02 ("USB: serial: console: clean up sanity checks")
Reported-by: Andrey Konovalov <andreyknvl@xxxxxxxxxx>
Acked-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Johan Hovold <johan@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
 drivers/usb/serial/console.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/usb/serial/console.c
+++ b/drivers/usb/serial/console.c
@@ -265,7 +265,7 @@ static struct console usbcons = {
 
 void usb_serial_console_disconnect(struct usb_serial *serial)
 {
-	if (serial->port[0] == usbcons_info.port) {
+	if (serial->port[0] && serial->port[0] == usbcons_info.port) {
 		usb_serial_console_exit();
 		usb_serial_put(serial);
 	}