DivestOS/Patches/Linux_CVEs/CVE-2017-9684/ANY/0001.patch
2017-11-07 17:32:46 -05:00


From d3d636627c8bb57a64bfadcc5d282c35d152f563 Mon Sep 17 00:00:00 2001
From: Mayank Rana <mrana@codeaurora.org>
Date: Thu, 28 Aug 2014 15:11:44 -0700
Subject: [PATCH] f_qc_rndis: Check config or cdev is NULL in before accessing
RNDIS control path completion handlers are getting called during
disconnect as part of composition switch and this is leading to a
crash. Avoid this crash by checking that cdev is not NULL before
accessing it.
CRs-Fixed: 717035
Bug: 35136547
Change-Id: Id8748f963298129a403ffd6e4413476013315061
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
---
drivers/usb/gadget/f_qc_rndis.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/gadget/f_qc_rndis.c b/drivers/usb/gadget/f_qc_rndis.c
index 3bccfe8fc5a76..dfa3dd6ed18dd 100644
--- a/drivers/usb/gadget/f_qc_rndis.c
+++ b/drivers/usb/gadget/f_qc_rndis.c
@@ -552,7 +552,14 @@ static void rndis_qc_response_complete(struct usb_ep *ep,
{
struct f_rndis_qc *rndis = req->context;
int status = req->status;
- struct usb_composite_dev *cdev = rndis->port.func.config->cdev;
+ struct usb_composite_dev *cdev;
+
+ if (!rndis->port.func.config || !rndis->port.func.config->cdev) {
+ pr_err("%s(): cdev or config is NULL.\n", __func__);
+ return;
+ } else {
+ cdev = rndis->port.func.config->cdev;
+ }
/* after TX:
* - USB_CDC_GET_ENCAPSULATED_RESPONSE (ep0/control)