ACK/Cmnt: [PATCH] [media] cx231xx-cards: fix NULL-deref on missing association descriptor

[Stefan Bader]

On 20.07.2018 16:23, Paolo Pisati wrote:
> From: Johan Hovold <johan at kernel.org>
> 
> Make sure to check that we actually have an Interface Association
> Descriptor before dereferencing it during probe to avoid dereferencing a
> NULL-pointer.
> 
> Fixes: e0d3bafd0258 ("V4L/DVB (10954): Add cx231xx USB driver")
> 
> Cc: stable <stable at vger.kernel.org>     # 2.6.30
> Reported-by: Andrey Konovalov <andreyknvl at google.com>
> Signed-off-by: Johan Hovold <johan at kernel.org>
> Tested-by: Andrey Konovalov <andreyknvl at google.com>
> Signed-off-by: Hans Verkuil <hans.verkuil at cisco.com>
> Signed-off-by: Mauro Carvalho Chehab <mchehab at osg.samsung.com>
> (cherry picked from commit 6c3b047fa2d2286d5e438bcb470c7b1a49f415f6)
> Signed-off-by: Paolo Pisati <paolo.pisati at canonical.com>
Acked-by: Stefan Bader <stefan.bader at canonical.com>
> ---

Needs CVE-2017-16536 added.

>  drivers/media/usb/cx231xx/cx231xx-cards.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/media/usb/cx231xx/cx231xx-cards.c b/drivers/media/usb/cx231xx/cx231xx-cards.c
> index 528cce9..09d4fb6 100644
> --- a/drivers/media/usb/cx231xx/cx231xx-cards.c
> +++ b/drivers/media/usb/cx231xx/cx231xx-cards.c
> @@ -1224,7 +1224,7 @@ static int cx231xx_usb_probe(struct usb_interface *interface,
>  	nr = dev->devno;
>  
>  	assoc_desc = udev->actconfig->intf_assoc[0];
> -	if (assoc_desc->bFirstInterface != ifnum) {
> +	if (!assoc_desc || assoc_desc->bFirstInterface != ifnum) {
>  		cx231xx_err(DRIVER_NAME ": Not found "
>  			    "matching IAD interface\n");
>  		retval = -ENODEV;
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20180723/437ef5cb/attachment.sig>