| Message ID | 577362E7.2000508@gmail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
On Wed, Jun 29, 2016 at 12:55:51AM -0500, Cameron Gutman wrote: > This prevents a malicious USB device from causing an oops. > > Signed-off-by: Cameron Gutman <aicommander@gmail.com> > Cc: stable@vger.kernel.org > --- Applied, thank you. > drivers/input/joystick/xpad.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c > index 3438e98..a529a45 100644 > --- a/drivers/input/joystick/xpad.c > +++ b/drivers/input/joystick/xpad.c > @@ -1431,6 +1431,9 @@ static int xpad_probe(struct usb_interface *intf, const struct usb_device_id *id > int ep_irq_in_idx; > int i, error; > > + if (intf->cur_altsetting->desc.bNumEndpoints != 2) > + return -ENODEV; > + > for (i = 0; xpad_device[i].idVendor; i++) { > if ((le16_to_cpu(udev->descriptor.idVendor) == xpad_device[i].idVendor) && > (le16_to_cpu(udev->descriptor.idProduct) == xpad_device[i].idProduct)) > -- > 2.7.4
diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c index 3438e98..a529a45 100644 --- a/drivers/input/joystick/xpad.c +++ b/drivers/input/joystick/xpad.c @@ -1431,6 +1431,9 @@ static int xpad_probe(struct usb_interface *intf, const struct usb_device_id *id int ep_irq_in_idx; int i, error; + if (intf->cur_altsetting->desc.bNumEndpoints != 2) + return -ENODEV; + for (i = 0; xpad_device[i].idVendor; i++) { if ((le16_to_cpu(udev->descriptor.idVendor) == xpad_device[i].idVendor) && (le16_to_cpu(udev->descriptor.idProduct) == xpad_device[i].idProduct))
This prevents a malicious USB device from causing an oops. Signed-off-by: Cameron Gutman <aicommander@gmail.com> Cc: stable@vger.kernel.org --- drivers/input/joystick/xpad.c | 3 +++ 1 file changed, 3 insertions(+)