DivestOS/Patches/Linux_CVEs/CVE-2017-9684/ANY/0.patch

From d3d636627c8bb57a64bfadcc5d282c35d152f563 Mon Sep 17 00:00:00 2001
From: Mayank Rana <mrana@codeaurora.org>
Date: Thu, 28 Aug 2014 15:11:44 -0700
Subject: [PATCH] f_qc_rndis: Check config or cdev is NULL in before accessing

RNDIS control path completion handlers are getting called during
disconnect as part of composition switch and this is leading to a
crash. Avoid this crash, by checking, if cdev is not NULL before
accessing.

CRs-Fixed: 717035
Bug: 35136547
Change-Id: Id8748f963298129a403ffd6e4413476013315061
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
---
 drivers/usb/gadget/f_qc_rndis.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/drivers/usb/gadget/f_qc_rndis.c b/drivers/usb/gadget/f_qc_rndis.c
index 3bccfe8fc5a76..dfa3dd6ed18dd 100644
--- a/drivers/usb/gadget/f_qc_rndis.c
+++ b/drivers/usb/gadget/f_qc_rndis.c
@@ -552,7 +552,14 @@ static void rndis_qc_response_complete(struct usb_ep *ep,
 {
 	struct f_rndis_qc		*rndis = req->context;
 	int				status = req->status;
-	struct usb_composite_dev	*cdev = rndis->port.func.config->cdev;
+	struct usb_composite_dev	*cdev;
+
+	if (!rndis->port.func.config || !rndis->port.func.config->cdev) {
+		pr_err("%s(): cdev or config is NULL.\n", __func__);
+		return;
+	} else {
+		cdev = rndis->port.func.config->cdev;
+	}
 
 	/* after TX:
 	 *  - USB_CDC_GET_ENCAPSULATED_RESPONSE (ep0/control)
Add patches for many Linux CVEs, and overhaul script paths 2017-10-29 01:48:53 -04:00			`From d3d636627c8bb57a64bfadcc5d282c35d152f563 Mon Sep 17 00:00:00 2001`
			`From: Mayank Rana <mrana@codeaurora.org>`
			`Date: Thu, 28 Aug 2014 15:11:44 -0700`
			`Subject: [PATCH] f_qc_rndis: Check config or cdev is NULL in before accessing`

			`RNDIS control path completion handlers are getting called during`
			`disconnect as part of composition switch and this is leading to a`
			`crash. Avoid this crash, by checking, if cdev is not NULL before`
			`accessing.`

			`CRs-Fixed: 717035`
			`Bug: 35136547`
			`Change-Id: Id8748f963298129a403ffd6e4413476013315061`
			`Signed-off-by: Mayank Rana <mrana@codeaurora.org>`
			`---`
			`drivers/usb/gadget/f_qc_rndis.c \| 9 ++++++++-`
			`1 file changed, 8 insertions(+), 1 deletion(-)`

			`diff --git a/drivers/usb/gadget/f_qc_rndis.c b/drivers/usb/gadget/f_qc_rndis.c`
			`index 3bccfe8fc5a76..dfa3dd6ed18dd 100644`
			`--- a/drivers/usb/gadget/f_qc_rndis.c`
			`+++ b/drivers/usb/gadget/f_qc_rndis.c`
			`@@ -552,7 +552,14 @@ static void rndis_qc_response_complete(struct usb_ep *ep,`
			`{`
			`struct f_rndis_qc *rndis = req->context;`
			`int status = req->status;`
			`- struct usb_composite_dev *cdev = rndis->port.func.config->cdev;`
			`+ struct usb_composite_dev *cdev;`
			`+`
			`+ if (!rndis->port.func.config \|\| !rndis->port.func.config->cdev) {`
			`+ pr_err("%s(): cdev or config is NULL.\n", __func__);`
			`+ return;`
			`+ } else {`
			`+ cdev = rndis->port.func.config->cdev;`
			`+ }`

			`/* after TX:`
			`* - USB_CDC_GET_ENCAPSULATED_RESPONSE (ep0/control)`