evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

usb: f_qc_rndis: Fix rndis message parsing of erroneous requests

Browse source 
In the completion handler of rndis command requests we
are parsing the request buffers without checking the
status of the request. This might cause parsing of the
erroneous requests. Fix this by checking the status
of the request before parsing the request buffer.

Change-Id: I15ffd0bef4b42adf2300085dc3720d599e647cb5
Signed-off-by: Sriharsha Allenki <sallenki@codeaurora.org>
This commit is contained in:
Sriharsha Allenki 2017-07-27 11:07:00 +05:30
parent ac8211566b
commit cd567a9d57
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
drivers/usb/gadget/function/f_qc_rndis.c
View file

@ -545,6 +545,12 @@ static void rndis_qc_command_complete(struct usb_ep *ep,
rndis_init_msg_type *buf;
u32 ul_max_xfer_size, dl_max_xfer_size;
if (req->status != 0) {
pr_err("%s: RNDIS command completion error %d\n",
__func__, req->status);
return;
}
spin_lock(&rndis_lock);
rndis = _rndis_qc;
if (!rndis || !rndis->notify || !rndis->notify->driver_data) {