From 77bc3988885ea7ba5afe16e1a5e63e8ec6269748 Mon Sep 17 00:00:00 2001
From: Sriharsha Allenki <sallenki@codeaurora.org>
Date: Thu, 27 Jul 2017 11:12:09 +0530
Subject: [PATCH] usb: f_rndis: Fix rndis message parsing of erroneous requests

In the completion handler of the rndis command requests we
are parsing the request buffers without checking the
status of the request. This might cause parsing of the
erroneous requests. Fix this by checking the status
of the request before parsing the request buffer.

Change-Id: I476c6c82d367f6f5fc6eff25b049b3323b68b859
Signed-off-by: Sriharsha Allenki <sallenki@codeaurora.org>
---
 drivers/usb/gadget/function/f_rndis.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/usb/gadget/function/f_rndis.c b/drivers/usb/gadget/function/f_rndis.c
index 13888821109d..0917bc500023 100644
--- a/drivers/usb/gadget/function/f_rndis.c
+++ b/drivers/usb/gadget/function/f_rndis.c
@@ -463,6 +463,12 @@ static void rndis_command_complete(struct usb_ep *ep, struct usb_request *req)
 	int				status;
 	rndis_init_msg_type		*buf;
 
+	if (req->status != 0) {
+		pr_err("%s: RNDIS command completion error:%d\n",
+				__func__, req->status);
+		return;
+	}
+
 	/* received RNDIS command from USB_CDC_SEND_ENCAPSULATED_COMMAND */
 //	spin_lock(&dev->lock);
 	status = rndis_msg_parser(rndis->params, (u8 *) req->buf);