[PATCH] USB: serial: kl5kusb105: fix line-state error handling
Paolo Pisati
paolo.pisati at canonical.com
Mon Jul 23 14:40:55 UTC 2018
From: Johan Hovold <johan at kernel.org>
CVE-2017-5549
The current implementation failed to detect short transfers when
attempting to read the line state, and also, to make things worse,
logged the content of the uninitialised heap transfer buffer.
Fixes: abf492e7b3ae ("USB: kl5kusb105: fix DMA buffers on stack")
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable <stable at vger.kernel.org>
Reviewed-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
Signed-off-by: Johan Hovold <johan at kernel.org>
(cherry picked from commit 146cc8a17a3b4996f6805ee5c080e7101277c410)
Signed-off-by: Paolo Pisati <paolo.pisati at canonical.com>
---
drivers/usb/serial/kl5kusb105.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/usb/serial/kl5kusb105.c b/drivers/usb/serial/kl5kusb105.c
index 1b4054f..8f75faf 100644
--- a/drivers/usb/serial/kl5kusb105.c
+++ b/drivers/usb/serial/kl5kusb105.c
@@ -198,10 +198,11 @@ static int klsi_105_get_line_state(struct usb_serial_port *port,
status_buf, KLSI_STATUSBUF_LEN,
10000
);
- if (rc < 0)
- dev_err(&port->dev, "Reading line status failed (error = %d)\n",
- rc);
- else {
+ if (rc != KLSI_STATUSBUF_LEN) {
+ dev_err(&port->dev, "reading line status failed: %d\n", rc);
+ if (rc >= 0)
+ rc = -EIO;
+ } else {
status = get_unaligned_le16(status_buf);
dev_info(&port->serial->dev->dev, "read status %x %x",
--
2.7.4
More information about the kernel-team
mailing list