* [PATCH] USB: core: Fix potental Null Pointer dereference
@ 2019-10-10 1:02 Yizhuo
2019-10-10 5:20 ` Greg Kroah-Hartman
0 siblings, 1 reply; 2+ messages in thread
From: Yizhuo @ 2019-10-10 1:02 UTC (permalink / raw)
Cc: Yizhuo, Greg Kroah-Hartman, Alan Stern, Kai-Heng Feng,
Mathias Nyman, Thinh Nguyen, Douglas Anderson,
Nicolas Saenz Julienne, Jan-Marek Glogowski, Mathieu Malaterre,
linux-usb, linux-kernel
Inside function usb_device_is_owned(), usb_hub_to_struct_hub()
could return NULL but there's no check before its dereference,
which is potentially unsafe.
Signed-off-by: Yizhuo <yzhai003@ucr.edu>
---
drivers/usb/core/hub.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
index 236313f41f4a..8d628c8e0c1b 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -1977,7 +1977,7 @@ bool usb_device_is_owned(struct usb_device *udev)
if (udev->state == USB_STATE_NOTATTACHED || !udev->parent)
return false;
hub = usb_hub_to_struct_hub(udev->parent);
- return !!hub->ports[udev->portnum - 1]->port_owner;
+ return hub && !!hub->ports[udev->portnum - 1]->port_owner;
}
static void recursively_mark_NOTATTACHED(struct usb_device *udev)
--
2.17.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] USB: core: Fix potental Null Pointer dereference
2019-10-10 1:02 [PATCH] USB: core: Fix potental Null Pointer dereference Yizhuo
@ 2019-10-10 5:20 ` Greg Kroah-Hartman
0 siblings, 0 replies; 2+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-10 5:20 UTC (permalink / raw)
To: Yizhuo
Cc: Alan Stern, Kai-Heng Feng, Mathias Nyman, Thinh Nguyen,
Douglas Anderson, Nicolas Saenz Julienne, Jan-Marek Glogowski,
Mathieu Malaterre, linux-usb, linux-kernel
On Wed, Oct 09, 2019 at 06:02:02PM -0700, Yizhuo wrote:
> Inside function usb_device_is_owned(), usb_hub_to_struct_hub()
> could return NULL but there's no check before its dereference,
> which is potentially unsafe.
>
> Signed-off-by: Yizhuo <yzhai003@ucr.edu>
> ---
> drivers/usb/core/hub.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
> index 236313f41f4a..8d628c8e0c1b 100644
> --- a/drivers/usb/core/hub.c
> +++ b/drivers/usb/core/hub.c
> @@ -1977,7 +1977,7 @@ bool usb_device_is_owned(struct usb_device *udev)
> if (udev->state == USB_STATE_NOTATTACHED || !udev->parent)
> return false;
> hub = usb_hub_to_struct_hub(udev->parent);
> - return !!hub->ports[udev->portnum - 1]->port_owner;
> + return hub && !!hub->ports[udev->portnum - 1]->port_owner;
How can hub ever not be valid?
thanks,
greg k-h
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-10-10 5:20 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-10-10 1:02 [PATCH] USB: core: Fix potental Null Pointer dereference Yizhuo
2019-10-10 5:20 ` Greg Kroah-Hartman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).