summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPhong Tran <tranmanphong@gmail.com>2019-07-15 22:08:14 +0700
committerDavid S. Miller <davem@davemloft.net>2019-07-15 11:10:31 -0700
commitf384e62a82ba5d85408405fdd6aeff89354deaa9 (patch)
treed9711a2d759695612b76bdc4c2ae2ace671fd31c
parentc5ec23bb190267f8b6cb287b761c1f6630c4b694 (diff)
downloadlinux-f384e62a82ba5d85408405fdd6aeff89354deaa9.tar.gz
linux-f384e62a82ba5d85408405fdd6aeff89354deaa9.tar.bz2
linux-f384e62a82ba5d85408405fdd6aeff89354deaa9.zip
ISDN: hfcsusb: checking idx of ep configuration
The syzbot test with random endpoint address which made the idx is overflow in the table of endpoint configuations. this adds the checking for fixing the error report from syzbot KASAN: stack-out-of-bounds Read in hfcsusb_probe [1] The patch tested by syzbot [2] Reported-by: syzbot+8750abbc3a46ef47d509@syzkaller.appspotmail.com [1]: https://syzkaller.appspot.com/bug?id=30a04378dac680c5d521304a00a86156bb913522 [2]: https://groups.google.com/d/msg/syzkaller-bugs/_6HBdge8F3E/OJn7wVNpBAAJ Signed-off-by: Phong Tran <tranmanphong@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--drivers/isdn/hardware/mISDN/hfcsusb.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/drivers/isdn/hardware/mISDN/hfcsusb.c b/drivers/isdn/hardware/mISDN/hfcsusb.c
index 4c99739b937e..0e224232f746 100644
--- a/drivers/isdn/hardware/mISDN/hfcsusb.c
+++ b/drivers/isdn/hardware/mISDN/hfcsusb.c
@@ -1955,6 +1955,9 @@ hfcsusb_probe(struct usb_interface *intf, const struct usb_device_id *id)
/* get endpoint base */
idx = ((ep_addr & 0x7f) - 1) * 2;
+ if (idx > 15)
+ return -EIO;
+
if (ep_addr & 0x80)
idx++;
attr = ep->desc.bmAttributes;