Commit 4b063c00 authored by Greg Kroah-Hartman's avatar Greg Kroah-Hartman Committed by Jakub Kicinski
Browse files

net: usb: kaweth: validate USB endpoints 



The kaweth driver should validate that the device it is probing has the
proper number and types of USB endpoints it is expecting before it binds
to it.  If a malicious device were to not have the same urbs the driver
will crash later on when it blindly accesses these endpoints.

Cc: stable <stable@kernel.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: default avatarSimon Horman <horms@kernel.org>
Fixes: 1da177e4 ("Linux-2.6.12-rc2")
Link: https://patch.msgid.link/2026022305-substance-virtual-c728@gregkh


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent c58b6c29

drivers/net/usb/kaweth.c

+13 −0
Original line number Diff line number Diff line
@@ -883,6 +883,13 @@ static int kaweth_probe( 
	const eth_addr_t bcast_addr = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };

	int result = 0;

	int rv = -EIO;

	static const u8 bulk_ep_addr[] = {

		1 | USB_DIR_IN,

		2 | USB_DIR_OUT,

		0};

	static const u8 int_ep_addr[] = {

		3 | USB_DIR_IN,

		0};



	dev_dbg(dev,

		"Kawasaki Device Probe (Device number:%d): 0x%4.4x:0x%4.4x:0x%4.4x\n",
@@ -896,6 +903,12 @@ static int kaweth_probe( 
		(int)udev->descriptor.bLength,

		(int)udev->descriptor.bDescriptorType);



	if (!usb_check_bulk_endpoints(intf, bulk_ep_addr) ||

	    !usb_check_int_endpoints(intf, int_ep_addr)) {

		dev_err(dev, "couldn't find required endpoints\n");

		return -ENODEV;

	}



	netdev = alloc_etherdev(sizeof(*kaweth));

	if (!netdev)

		return -ENOMEM;