DivestOS/Patches/Linux_CVEs/CVE-2016-3137/0.patch

From c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754 Mon Sep 17 00:00:00 2001
From: Oliver Neukum <oneukum@suse.com>
Date: Thu, 31 Mar 2016 12:04:25 -0400
Subject: USB: cypress_m8: add endpoint sanity check

An attack using missing endpoints exists.

CVE-2016-3137

Signed-off-by: Oliver Neukum <ONeukum@suse.com>
CC: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/usb/serial/cypress_m8.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/drivers/usb/serial/cypress_m8.c b/drivers/usb/serial/cypress_m8.c
index b283eb8..bbeeb2b 100644
--- a/drivers/usb/serial/cypress_m8.c
+++ b/drivers/usb/serial/cypress_m8.c
@@ -447,6 +447,11 @@ static int cypress_generic_port_probe(struct usb_serial_port *port)
 	struct usb_serial *serial = port->serial;
 	struct cypress_private *priv;
 
+	if (!port->interrupt_out_urb || !port->interrupt_in_urb) {
+		dev_err(&port->dev, "required endpoint is missing\n");
+		return -ENODEV;
+	}
+
 	priv = kzalloc(sizeof(struct cypress_private), GFP_KERNEL);
 	if (!priv)
 		return -ENOMEM;
@@ -606,12 +611,6 @@ static int cypress_open(struct tty_struct *tty, struct usb_serial_port *port)
 		cypress_set_termios(tty, port, &priv->tmp_termios);
 
 	/* setup the port and start reading from the device */
-	if (!port->interrupt_in_urb) {
-		dev_err(&port->dev, "%s - interrupt_in_urb is empty!\n",
-			__func__);
-		return -1;
-	}
-
 	usb_fill_int_urb(port->interrupt_in_urb, serial->dev,
 		usb_rcvintpipe(serial->dev, port->interrupt_in_endpointAddress),
 		port->interrupt_in_urb->transfer_buffer,
-- 
cgit v1.1
Add patches for many Linux CVEs, and overhaul script paths 2017-10-29 01:48:53 -04:00			`From c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754 Mon Sep 17 00:00:00 2001`
			`From: Oliver Neukum <oneukum@suse.com>`
			`Date: Thu, 31 Mar 2016 12:04:25 -0400`
			`Subject: USB: cypress_m8: add endpoint sanity check`

			`An attack using missing endpoints exists.`

			`CVE-2016-3137`

			`Signed-off-by: Oliver Neukum <ONeukum@suse.com>`
			`CC: stable@vger.kernel.org`
			`Signed-off-by: Johan Hovold <johan@kernel.org>`
			`Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>`
			`---`
			`drivers/usb/serial/cypress_m8.c \| 11 +++++------`
			`1 file changed, 5 insertions(+), 6 deletions(-)`

			`diff --git a/drivers/usb/serial/cypress_m8.c b/drivers/usb/serial/cypress_m8.c`
			`index b283eb8..bbeeb2b 100644`
			`--- a/drivers/usb/serial/cypress_m8.c`
			`+++ b/drivers/usb/serial/cypress_m8.c`
			`@@ -447,6 +447,11 @@ static int cypress_generic_port_probe(struct usb_serial_port *port)`
			`struct usb_serial *serial = port->serial;`
			`struct cypress_private *priv;`

			`+ if (!port->interrupt_out_urb \|\| !port->interrupt_in_urb) {`
			`+ dev_err(&port->dev, "required endpoint is missing\n");`
			`+ return -ENODEV;`
			`+ }`
			`+`
			`priv = kzalloc(sizeof(struct cypress_private), GFP_KERNEL);`
			`if (!priv)`
			`return -ENOMEM;`
			`@@ -606,12 +611,6 @@ static int cypress_open(struct tty_struct tty, struct usb_serial_port port)`
			`cypress_set_termios(tty, port, &priv->tmp_termios);`

			`/* setup the port and start reading from the device */`
			`- if (!port->interrupt_in_urb) {`
			`- dev_err(&port->dev, "%s - interrupt_in_urb is empty!\n",`
			`- __func__);`
			`- return -1;`
			`- }`
			`-`
			`usb_fill_int_urb(port->interrupt_in_urb, serial->dev,`
			`usb_rcvintpipe(serial->dev, port->interrupt_in_endpointAddress),`
			`port->interrupt_in_urb->transfer_buffer,`
			`--`
			`cgit v1.1`