ISDN: hfcsusb: checking idx of ep configuration · 4ef54f3318 - evie/android_kernel_oneplus_msm8998 - Gay Catgirls Forgejo: gay catgirls having sex

evie/android_kernel_oneplus_msm8998

ISDN: hfcsusb: checking idx of ep configuration

commit f384e62a82ba5d85408405fdd6aeff89354deaa9 upstream.

The syzbot test with random endpoint address which made the idx is
overflow in the table of endpoint configuations.

this adds the checking for fixing the error report from
syzbot

KASAN: stack-out-of-bounds Read in hfcsusb_probe [1]
The patch tested by syzbot [2]

Reported-by: syzbot+8750abbc3a46ef47d509@syzkaller.appspotmail.com

[1]:
https://syzkaller.appspot.com/bug?id=30a04378dac680c5d521304a00a86156bb913522
[2]:
https://groups.google.com/d/msg/syzkaller-bugs/_6HBdge8F3E/OJn7wVNpBAAJ

Signed-off-by: Phong Tran <tranmanphong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

This commit is contained in:

Phong Tran

2019-07-15 22:08:14 +07:00

• committed by

Greg Kroah-Hartman

parent 8f0b77b71f

commit 4ef54f3318

1 changed files with 3 additions and 0 deletions

									
										3

drivers/isdn/hardware/mISDN/hfcsusb.c
									
										View file
										
				@ -1963,6 +1963,9 @@ hfcsusb_probe(struct usb_interface *intf, const struct usb_device_id *id)

								/* get endpoint base */

								idx = ((ep_addr & 0x7f) - 1) * 2;

								if (idx > 15)

									return -EIO;

								if (ep_addr & 0x80)

									idx++;

								attr = ep->desc.bmAttributes;