USB: serial: cyberjack: fix NULL-deref at open

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Fix NULL-pointer dereference when clearing halt at open should the device
lack a bulk-out endpoint.

Unable to handle kernel NULL pointer dereference at virtual address 00000030
...
PC is at cyberjack_open+0x40/0x9c [cyberjack]

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>

Johan Hovold 9 years ago 3dca0111 42715763

+10

1 changed file

expand all

drivers

usb

serial

cyberjack.c

+10

drivers/usb/serial/cyberjack.c

··· 50 50 #define CYBERJACK_PRODUCT_ID 0x0100 51 51 52 52 /* Function prototypes */ 53 + static int cyberjack_attach(struct usb_serial *serial); 53 54 static int cyberjack_port_probe(struct usb_serial_port *port); 54 55 static int cyberjack_port_remove(struct usb_serial_port *port); 55 56 static int cyberjack_open(struct tty_struct *tty, ··· 78 77 .description = "Reiner SCT Cyberjack USB card reader", 79 78 .id_table = id_table, 80 79 .num_ports = 1, 80 + .attach = cyberjack_attach, 81 81 .port_probe = cyberjack_port_probe, 82 82 .port_remove = cyberjack_port_remove, 83 83 .open = cyberjack_open, ··· 101 99 short wrfilled; /* Overall data size we already got */ 102 100 short wrsent; /* Data already sent */ 103 101 }; 102 + 103 + static int cyberjack_attach(struct usb_serial *serial) 104 + { 105 + if (serial->num_bulk_out < serial->num_ports) 106 + return -ENODEV; 107 + 108 + return 0; 109 + } 104 110 105 111 static int cyberjack_port_probe(struct usb_serial_port *port) 106 112 {