leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
95b6c6a519
linux/drivers/net/wimax/i2400m
History
Johan Hovold 6e526fdff7 net: wimax/i2400m: fix NULL-deref at probe 
Make sure to check the number of endpoints to avoid dereferencing a
NULL-pointer or accessing memory beyond the endpoint array should a
malicious device lack the expected endpoints.

The endpoints are specifically dereferenced in the i2400m_bootrom_init
path during probe (e.g. in i2400mu_tx_bulk_out).

Fixes: f398e4240f ("i2400m/USB: probe/disconnect, dev init/shutdown
and reset backends")
Cc: Inaky Perez-Gonzalez <inaky@linux.intel.com>

Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-03-13 12:28:40 -07:00
..
control.c
debug-levels.h
debugfs.c
driver.c
fw.c
i2400m-usb.h
i2400m.h
Kconfig
Makefile
netdev.c net: use core MTU range checking in wireless drivers 2016-10-20 14:51:08 -04:00
op-rfkill.c
rx.c
sysfs.c
tx.c
usb-debug-levels.h
usb-fw.c scripts/spelling.txt: add "varible" pattern and fix typo instances 2017-02-27 18:43:47 -08:00
usb-notif.c net: wimax: i2400m: usb-notif: don't print error when allocating urb fails 2016-08-13 14:53:40 -07:00
usb-rx.c
usb-tx.c
usb.c net: wimax/i2400m: fix NULL-deref at probe 2017-03-13 12:28:40 -07:00