mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2024-11-26 06:40:54 +07:00
[media] usbvision fix overflow of interfaces array
This fixes the crash reported in: http://seclists.org/bugtraq/2015/Oct/35 The interface number needs a sanity check. Signed-off-by: Oliver Neukum <oneukum@suse.com> Cc: Vladis Dronov <vdronov@redhat.com> Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
This commit is contained in:
parent
3ff863b87e
commit
588afcc1c0
@ -1461,6 +1461,13 @@ static int usbvision_probe(struct usb_interface *intf,
|
||||
printk(KERN_INFO "%s: %s found\n", __func__,
|
||||
usbvision_device_data[model].model_string);
|
||||
|
||||
/*
|
||||
* this is a security check.
|
||||
* an exploit using an incorrect bInterfaceNumber is known
|
||||
*/
|
||||
if (ifnum >= USB_MAXINTERFACES || !dev->actconfig->interface[ifnum])
|
||||
return -ENODEV;
|
||||
|
||||
if (usbvision_device_data[model].interface >= 0)
|
||||
interface = &dev->actconfig->interface[usbvision_device_data[model].interface]->altsetting[0];
|
||||
else
|
||||
|
Loading…
Reference in New Issue
Block a user