Commit 177238c3 authored by Johan Hovold's avatar Johan Hovold Committed by Greg Kroah-Hartman
Browse files

USB: microtek: fix info-leak at probe 



Add missing bulk-in endpoint sanity check to prevent uninitialised stack
data from being reported to the system log and used as endpoint
addresses.

Fixes: 1da177e4 ("Linux-2.6.12-rc2")
Cc: stable <stable@vger.kernel.org>
Reported-by: default avatar <syzbot+5630ca7c3b2be5c9da5e@syzkaller.appspotmail.com>
Signed-off-by: default avatarJohan Hovold <johan@kernel.org>
Acked-by: default avatarOliver Neukum <oneukum@suse.com>
Link: https://lore.kernel.org/r/20191003070931.17009-1-johan@kernel.org


Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 0aa76038

drivers/usb/image/microtek.c

+4 −0
Original line number Diff line number Diff line
@@ -716,6 +716,10 @@ static int mts_usb_probe(struct usb_interface *intf, 


	}



	if (ep_in_current != &ep_in_set[2]) {

		MTS_WARNING("couldn't find two input bulk endpoints. Bailing out.\n");

		return -ENODEV;

	}



	if ( ep_out == -1 ) {

		MTS_WARNING( "couldn't find an output bulk endpoint. Bailing out.\n" );

CRA Git | Maintained and supported by SUSTech CRA and CCSE