ACK: [PATCH] USB: serial: kl5kusb105: fix line-state error handling
Kleber Souza
kleber.souza at canonical.com
Mon Jul 23 16:19:37 UTC 2018
On 07/23/18 16:40, Paolo Pisati wrote:
> From: Johan Hovold <johan at kernel.org>
>
> CVE-2017-5549
>
> The current implementation failed to detect short transfers when
> attempting to read the line state, and also, to make things worse,
> logged the content of the uninitialised heap transfer buffer.
>
> Fixes: abf492e7b3ae ("USB: kl5kusb105: fix DMA buffers on stack")
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Cc: stable <stable at vger.kernel.org>
> Reviewed-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
> Signed-off-by: Johan Hovold <johan at kernel.org>
> (cherry picked from commit 146cc8a17a3b4996f6805ee5c080e7101277c410)
> Signed-off-by: Paolo Pisati <paolo.pisati at canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza at canonical.com>
> ---
> drivers/usb/serial/kl5kusb105.c | 9 +++++----
> 1 file changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/usb/serial/kl5kusb105.c b/drivers/usb/serial/kl5kusb105.c
> index 1b4054f..8f75faf 100644
> --- a/drivers/usb/serial/kl5kusb105.c
> +++ b/drivers/usb/serial/kl5kusb105.c
> @@ -198,10 +198,11 @@ static int klsi_105_get_line_state(struct usb_serial_port *port,
> status_buf, KLSI_STATUSBUF_LEN,
> 10000
> );
> - if (rc < 0)
> - dev_err(&port->dev, "Reading line status failed (error = %d)\n",
> - rc);
> - else {
> + if (rc != KLSI_STATUSBUF_LEN) {
> + dev_err(&port->dev, "reading line status failed: %d\n", rc);
> + if (rc >= 0)
> + rc = -EIO;
> + } else {
> status = get_unaligned_le16(status_buf);
>
> dev_info(&port->serial->dev->dev, "read status %x %x",
>
More information about the kernel-team
mailing list