DivestOS/Patches/Linux_CVEs/CVE-2017-9684/ANY/0.patch

From d3d636627c8bb57a64bfadcc5d282c35d152f563 Mon Sep 17 00:00:00 2001
From: Mayank Rana <mrana@codeaurora.org>
Date: Thu, 28 Aug 2014 15:11:44 -0700
Subject: [PATCH] f_qc_rndis: Check config or cdev is NULL in before accessing

RNDIS control path completion handlers are getting called during
disconnect as part of composition switch and this is leading to a
crash. Avoid this crash, by checking, if cdev is not NULL before
accessing.

CRs-Fixed: 717035
Bug: 35136547
Change-Id: Id8748f963298129a403ffd6e4413476013315061
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
---
 drivers/usb/gadget/f_qc_rndis.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/drivers/usb/gadget/f_qc_rndis.c b/drivers/usb/gadget/f_qc_rndis.c
index 3bccfe8fc5a76..dfa3dd6ed18dd 100644
--- a/drivers/usb/gadget/f_qc_rndis.c
+++ b/drivers/usb/gadget/f_qc_rndis.c
@@ -552,7 +552,14 @@ static void rndis_qc_response_complete(struct usb_ep *ep,
 {
 	struct f_rndis_qc		*rndis = req->context;
 	int				status = req->status;
-	struct usb_composite_dev	*cdev = rndis->port.func.config->cdev;
+	struct usb_composite_dev	*cdev;
+
+	if (!rndis->port.func.config || !rndis->port.func.config->cdev) {
+		pr_err("%s(): cdev or config is NULL.\n", __func__);
+		return;
+	} else {
+		cdev = rndis->port.func.config->cdev;
+	}
 
 	/* after TX:
 	 *  - USB_CDC_GET_ENCAPSULATED_RESPONSE (ep0/control)