tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

net: usb: kaweth: validate USB endpoints

The kaweth driver should validate that the device it is probing has the
proper number and types of USB endpoints it is expecting before it binds
to it. If a malicious device were to not have the same urbs the driver
will crash later on when it blindly accesses these endpoints.

Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Simon Horman <horms@kernel.org>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Link: https://patch.msgid.link/2026022305-substance-virtual-c728@gregkh
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

authored by

Greg Kroah-Hartman and committed by
Jakub Kicinski 4b063c00 c58b6c29

+13
+13
drivers/net/usb/kaweth.c
··· 883 883 const eth_addr_t bcast_addr = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; 884 884 int result = 0; 885 885 int rv = -EIO; 886 + static const u8 bulk_ep_addr[] = { 887 + 1 | USB_DIR_IN, 888 + 2 | USB_DIR_OUT, 889 + 0}; 890 + static const u8 int_ep_addr[] = { 891 + 3 | USB_DIR_IN, 892 + 0}; 886 893 887 894 dev_dbg(dev, 888 895 "Kawasaki Device Probe (Device number:%d): 0x%4.4x:0x%4.4x:0x%4.4x\n", ··· 902 895 dev_dbg(dev, "Descriptor length: %x type: %x\n", 903 896 (int)udev->descriptor.bLength, 904 897 (int)udev->descriptor.bDescriptorType); 898 + 899 + if (!usb_check_bulk_endpoints(intf, bulk_ep_addr) || 900 + !usb_check_int_endpoints(intf, int_ep_addr)) { 901 + dev_err(dev, "couldn't find required endpoints\n"); 902 + return -ENODEV; 903 + } 905 904 906 905 netdev = alloc_etherdev(sizeof(*kaweth)); 907 906 if (!netdev)