From bce4a8a55c21e0475466bed36eabc1dcc9ff76ff Mon Sep 17 00:00:00 2001
From: Sriharsha Allenki
Date: Wed, 26 Jul 2017 17:06:53 +0530
Subject: [PATCH] usb: f_gsi: Fix rndis message parsing of erroneous requests

In the completion handler of rndis command requests we are parsing the request buffers without checking the status of the request. This might cause parsing of the erroneous requests. Fix this by checking the status of the request before parsing the request buffer.

Change-Id: I52001128ac421e58e1801eebc243a8c91618582c
Signed-off-by: Sriharsha Allenki
---
 drivers/usb/gadget/function/f_gsi.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/usb/gadget/function/f_gsi.c b/drivers/usb/gadget/function/f_gsi.c
index 3f903d4776b4..19fe6c8cb25a 100644
--- a/drivers/usb/gadget/function/f_gsi.c
+++ b/drivers/usb/gadget/function/f_gsi.c
@@ -1579,6 +1579,12 @@ static void gsi_rndis_command_complete(struct usb_ep *ep,
 struct f_gsi *rndis = req->context;
 int status;

+ if (req->status != 0) {
+ log_event_err("RNDIS command completion error %d\n",
+ req->status);
+ return;
+ }
+
 status = rndis_msg_parser(rndis->params, (u8 *) req->buf);
 if (status < 0)
 log_event_err("RNDIS command error %d, %d/%d",
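Review bot: The new guard in gsi_rndis_command_complete() rejects failed transfers, but a transfer that completes with status 0 and only a few bytes still reaches `rndis_msg_parser(rndis->params, (u8 *) req->buf)`, which is given no length. Unless the parser bounds its reads some other way (not visible in this hunk), it would treat whatever stale bytes follow the host's data in the buffer as message fields. Consider checking the received length in the same guard, for example `if (req->status != 0 || req->actual < 2 * sizeof(__le32)) {` to cover the 32-bit message type and length fields, and passing `req->actual` into the parser so the host-supplied message length can be validated against it. The function body continues past the end of the hunk.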