summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPhong Tran <tranmanphong@gmail.com>2019-07-15 18:08:14 +0300
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2019-08-04 10:35:01 +0300
commit4ef54f331818f5d651e18fd640ec47d0b6eebf46 (patch)
treecb294499ee7376cb843cec5a53da2633085df8d5
parent8f0b77b71f3fec09f86f80cd98c36a1a35109499 (diff)
downloadlinux-4ef54f331818f5d651e18fd640ec47d0b6eebf46.tar.xz
ISDN: hfcsusb: checking idx of ep configuration
commit f384e62a82ba5d85408405fdd6aeff89354deaa9 upstream. The syzbot test with random endpoint address which made the idx is overflow in the table of endpoint configuations. this adds the checking for fixing the error report from syzbot KASAN: stack-out-of-bounds Read in hfcsusb_probe [1] The patch tested by syzbot [2] Reported-by: syzbot+8750abbc3a46ef47d509@syzkaller.appspotmail.com [1]: https://syzkaller.appspot.com/bug?id=30a04378dac680c5d521304a00a86156bb913522 [2]: https://groups.google.com/d/msg/syzkaller-bugs/_6HBdge8F3E/OJn7wVNpBAAJ Signed-off-by: Phong Tran <tranmanphong@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r--drivers/isdn/hardware/mISDN/hfcsusb.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/drivers/isdn/hardware/mISDN/hfcsusb.c b/drivers/isdn/hardware/mISDN/hfcsusb.c
index 114f3bcba1b0..c60c7998af17 100644
--- a/drivers/isdn/hardware/mISDN/hfcsusb.c
+++ b/drivers/isdn/hardware/mISDN/hfcsusb.c
@@ -1963,6 +1963,9 @@ hfcsusb_probe(struct usb_interface *intf, const struct usb_device_id *id)
/* get endpoint base */
idx = ((ep_addr & 0x7f) - 1) * 2;
+ if (idx > 15)
+ return -EIO;
+
if (ep_addr & 0x80)
idx++;
attr = ep->desc.bmAttributes;