linux-usb.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] USB: core: Fix potental Null Pointer dereference
@ 2019-10-10  1:02 Yizhuo
  2019-10-10  5:20 ` Greg Kroah-Hartman
  0 siblings, 1 reply; 2+ messages in thread
From: Yizhuo @ 2019-10-10  1:02 UTC (permalink / raw)
  Cc: Yizhuo, Greg Kroah-Hartman, Alan Stern, Kai-Heng Feng,
	Mathias Nyman, Thinh Nguyen, Douglas Anderson,
	Nicolas Saenz Julienne, Jan-Marek Glogowski, Mathieu Malaterre,
	linux-usb, linux-kernel

Inside function usb_device_is_owned(), usb_hub_to_struct_hub()
could return NULL but there's no check before its dereference,
which is potentially unsafe.

Signed-off-by: Yizhuo <yzhai003@ucr.edu>
---
 drivers/usb/core/hub.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
index 236313f41f4a..8d628c8e0c1b 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -1977,7 +1977,7 @@ bool usb_device_is_owned(struct usb_device *udev)
 	if (udev->state == USB_STATE_NOTATTACHED || !udev->parent)
 		return false;
 	hub = usb_hub_to_struct_hub(udev->parent);
-	return !!hub->ports[udev->portnum - 1]->port_owner;
+	return hub && !!hub->ports[udev->portnum - 1]->port_owner;
 }
 
 static void recursively_mark_NOTATTACHED(struct usb_device *udev)
-- 
2.17.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] USB: core: Fix potental Null Pointer dereference
  2019-10-10  1:02 [PATCH] USB: core: Fix potental Null Pointer dereference Yizhuo
@ 2019-10-10  5:20 ` Greg Kroah-Hartman
  0 siblings, 0 replies; 2+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-10  5:20 UTC (permalink / raw)
  To: Yizhuo
  Cc: Alan Stern, Kai-Heng Feng, Mathias Nyman, Thinh Nguyen,
	Douglas Anderson, Nicolas Saenz Julienne, Jan-Marek Glogowski,
	Mathieu Malaterre, linux-usb, linux-kernel

On Wed, Oct 09, 2019 at 06:02:02PM -0700, Yizhuo wrote:
> Inside function usb_device_is_owned(), usb_hub_to_struct_hub()
> could return NULL but there's no check before its dereference,
> which is potentially unsafe.
> 
> Signed-off-by: Yizhuo <yzhai003@ucr.edu>
> ---
>  drivers/usb/core/hub.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
> index 236313f41f4a..8d628c8e0c1b 100644
> --- a/drivers/usb/core/hub.c
> +++ b/drivers/usb/core/hub.c
> @@ -1977,7 +1977,7 @@ bool usb_device_is_owned(struct usb_device *udev)
>  	if (udev->state == USB_STATE_NOTATTACHED || !udev->parent)
>  		return false;
>  	hub = usb_hub_to_struct_hub(udev->parent);
> -	return !!hub->ports[udev->portnum - 1]->port_owner;
> +	return hub && !!hub->ports[udev->portnum - 1]->port_owner;

How can hub ever not be valid?

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-10-10  5:20 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-10-10  1:02 [PATCH] USB: core: Fix potental Null Pointer dereference Yizhuo
2019-10-10  5:20 ` Greg Kroah-Hartman

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).