diff mbox series

[4.19,14/21] staging: comedi: check validity of wMaxPacketSize of usb endpoints found

Message ID 20201016090437.987989197@linuxfoundation.org
State Superseded
Headers show
Series None | expand

Commit Message

Greg KH Oct. 16, 2020, 9:07 a.m. UTC 
From: Anant Thazhemadam <anant.thazhemadam@gmail.com>

commit e1f13c879a7c21bd207dc6242455e8e3a1e88b40 upstream.

While finding usb endpoints in vmk80xx_find_usb_endpoints(), check if
wMaxPacketSize = 0 for the endpoints found.

Some devices have isochronous endpoints that have wMaxPacketSize = 0
(as required by the USB-2 spec).
However, since this doesn't apply here, wMaxPacketSize = 0 can be
considered to be invalid.

Reported-by: syzbot+009f546aa1370056b1c2@syzkaller.appspotmail.com
Tested-by: syzbot+009f546aa1370056b1c2@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam <anant.thazhemadam@gmail.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20201010082933.5417-1-anant.thazhemadam@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/staging/comedi/drivers/vmk80xx.c |    3 +++
 1 file changed, 3 insertions(+)

Comments

Pavel Machek Oct. 16, 2020, 1:06 p.m. UTC | #1 
Hi!

> From: Anant Thazhemadam <anant.thazhemadam@gmail.com>

> 

> commit e1f13c879a7c21bd207dc6242455e8e3a1e88b40 upstream.

> 

> While finding usb endpoints in vmk80xx_find_usb_endpoints(), check if

> wMaxPacketSize = 0 for the endpoints found.

> 

> Some devices have isochronous endpoints that have wMaxPacketSize = 0

> (as required by the USB-2 spec).

> However, since this doesn't apply here, wMaxPacketSize = 0 can be

> considered to be invalid.

> 

> Reported-by: syzbot+009f546aa1370056b1c2@syzkaller.appspotmail.com

> Tested-by: syzbot+009f546aa1370056b1c2@syzkaller.appspotmail.com

> Signed-off-by: Anant Thazhemadam <anant.thazhemadam@gmail.com>

> Cc: stable <stable@vger.kernel.org>

> Link: https://lore.kernel.org/r/20201010082933.5417-1-anant.thazhemadam@gmail.com

> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>


Why duplicate Sign-off?

Best regards,
							Pavel
-- 
http://www.livejournal.com/~pavelmachek
Greg KH Oct. 17, 2020, 8:12 a.m. UTC | #2 
On Fri, Oct 16, 2020 at 03:06:27PM +0200, Pavel Machek wrote:
> Hi!

> 

> > From: Anant Thazhemadam <anant.thazhemadam@gmail.com>

> > 

> > commit e1f13c879a7c21bd207dc6242455e8e3a1e88b40 upstream.

> > 

> > While finding usb endpoints in vmk80xx_find_usb_endpoints(), check if

> > wMaxPacketSize = 0 for the endpoints found.

> > 

> > Some devices have isochronous endpoints that have wMaxPacketSize = 0

> > (as required by the USB-2 spec).

> > However, since this doesn't apply here, wMaxPacketSize = 0 can be

> > considered to be invalid.

> > 

> > Reported-by: syzbot+009f546aa1370056b1c2@syzkaller.appspotmail.com

> > Tested-by: syzbot+009f546aa1370056b1c2@syzkaller.appspotmail.com

> > Signed-off-by: Anant Thazhemadam <anant.thazhemadam@gmail.com>

> > Cc: stable <stable@vger.kernel.org>

> > Link: https://lore.kernel.org/r/20201010082933.5417-1-anant.thazhemadam@gmail.com

> > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

> > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

> 

> Why duplicate Sign-off?


My scripts, I missed this :(
diff mbox series

Patch

--- a/drivers/staging/comedi/drivers/vmk80xx.c
+++ b/drivers/staging/comedi/drivers/vmk80xx.c
@@ -667,6 +667,9 @@  static int vmk80xx_find_usb_endpoints(st
 	if (!devpriv->ep_rx || !devpriv->ep_tx)
 		return -ENODEV;
 
+	if (!usb_endpoint_maxp(devpriv->ep_rx) || !usb_endpoint_maxp(devpriv->ep_tx))
+		return -EINVAL;
+
 	return 0;
 }