[linux] 03/03: usb: usbtest: fix NULL pointer dereference (CVE-2017-16532)
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Thu Nov 16 17:44:37 UTC 2017
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch sid
in repository linux.
commit c08c3b8b2500abcde482e9736360ca49a348646c
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Thu Nov 16 17:40:00 2017 +0000
usb: usbtest: fix NULL pointer dereference (CVE-2017-16532)
---
debian/changelog | 1 +
.../usb-usbtest-fix-NULL-pointer-dereference.patch | 39 ++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 41 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index ba70dfb..c303b84 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -124,6 +124,7 @@ linux (4.13.13-1) UNRELEASED; urgency=medium
* swap: Avoid ABI change in 4.13.12
* mac80211: use constant time comparison with keys
* mac80211: don't compare TKIP TX MIC key in reinstall prevention
+ * usb: usbtest: fix NULL pointer dereference (CVE-2017-16532)
-- Salvatore Bonaccorso <carnil at debian.org> Sat, 04 Nov 2017 09:54:41 +0100
diff --git a/debian/patches/bugfix/all/usb-usbtest-fix-NULL-pointer-dereference.patch b/debian/patches/bugfix/all/usb-usbtest-fix-NULL-pointer-dereference.patch
new file mode 100644
index 0000000..ac47350
--- /dev/null
+++ b/debian/patches/bugfix/all/usb-usbtest-fix-NULL-pointer-dereference.patch
@@ -0,0 +1,39 @@
+From: Alan Stern <stern at rowland.harvard.edu>
+Date: Fri, 29 Sep 2017 10:54:24 -0400
+Subject: usb: usbtest: fix NULL pointer dereference
+Origin: https://git.kernel.org/linus/7c80f9e4a588f1925b07134bb2e3689335f6c6d8
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-16532
+
+If the usbtest driver encounters a device with an IN bulk endpoint but
+no OUT bulk endpoint, it will try to dereference a NULL pointer
+(out->desc.bEndpointAddress). The problem can be solved by adding a
+missing test.
+
+Signed-off-by: Alan Stern <stern at rowland.harvard.edu>
+Reported-by: Andrey Konovalov <andreyknvl at google.com>
+Tested-by: Andrey Konovalov <andreyknvl at google.com>
+Signed-off-by: Felipe Balbi <felipe.balbi at linux.intel.com>
+---
+ drivers/usb/misc/usbtest.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/usb/misc/usbtest.c b/drivers/usb/misc/usbtest.c
+index 113e38bfe0ef..b3fc602b2e24 100644
+--- a/drivers/usb/misc/usbtest.c
++++ b/drivers/usb/misc/usbtest.c
+@@ -202,12 +202,13 @@ get_endpoints(struct usbtest_dev *dev, struct usb_interface *intf)
+ return tmp;
+ }
+
+- if (in) {
++ if (in)
+ dev->in_pipe = usb_rcvbulkpipe(udev,
+ in->desc.bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
++ if (out)
+ dev->out_pipe = usb_sndbulkpipe(udev,
+ out->desc.bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
+- }
++
+ if (iso_in) {
+ dev->iso_in = &iso_in->desc;
+ dev->in_iso_pipe = usb_rcvisocpipe(udev,
diff --git a/debian/patches/series b/debian/patches/series
index 90a6f7d..c6a86a3 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -117,6 +117,7 @@ bugfix/all/mac80211-accept-key-reinstall-without-changing-anyth.patch
bugfix/all/mac80211-use-constant-time-comparison-with-keys.patch
bugfix/all/mac80211-don-t-compare-tkip-tx-mic-key-in-reinstall-.patch
bugfix/all/sctp-do-not-peel-off-an-assoc-from-one-netns-to-anot.patch
+bugfix/all/usb-usbtest-fix-NULL-pointer-dereference.patch
# Fix exported symbol versions
bugfix/alpha/alpha-restore-symbol-versions-for-symbols-exported-f.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list