diff mbox series

[v2] USB: core: Avoid WARNings for 0-length descriptor requests

Message ID 20210607152307.GD1768031@rowland.harvard.edu
State New
Headers show
Series [v2] USB: core: Avoid WARNings for 0-length descriptor requests | expand

Commit Message

Alan Stern June 7, 2021, 3:23 p.m. UTC 
The USB core has utility routines to retrieve various types of
descriptors.  These routines will now provoke a WARN if they are asked
to retrieve 0 bytes (USB "receive" requests must not have zero
length), so avert this by checking the size argument at the start.

Reported-and-tested-by: syzbot+7dbcd9ff34dc4ed45240@syzkaller.appspotmail.com
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: Johan Hovold <johan@kernel.org>

---

v2: Added extra blank lines following the sanity tests.


[as1962b]


 drivers/usb/core/message.c |    6 ++++++
 1 file changed, 6 insertions(+)
diff mbox series

Patch

Index: usb-devel/drivers/usb/core/message.c
===================================================================
--- usb-devel.orig/drivers/usb/core/message.c
+++ usb-devel/drivers/usb/core/message.c
@@ -783,6 +783,9 @@  int usb_get_descriptor(struct usb_device
 	int i;
 	int result;
 
+	if (size <= 0)		/* No point in asking for no data */
+		return -EINVAL;
+
 	memset(buf, 0, size);	/* Make sure we parse really received data */
 
 	for (i = 0; i < 3; ++i) {
@@ -832,6 +835,9 @@  static int usb_get_string(struct usb_dev
 	int i;
 	int result;
 
+	if (size <= 0)		/* No point in asking for no data */
+		return -EINVAL;
+
 	for (i = 0; i < 3; ++i) {
 		/* retry on length 0 or stall; some devices are flakey */
 		result = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0),