usb: core: add sanity checks when using bInterfaceClass with new_id
authorWolfram Sang <wsa@the-dreams.de>
Fri, 10 Jan 2014 18:36:41 +0000 (19:36 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 11 Jan 2014 00:54:35 +0000 (16:54 -0800)
Check if that field is actually used and if so, bail out if it exeeds a
u8. Make it also future-proof by not requiring "exactly three"
parameters in new_id, but simply "more than two".

Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/usb/core/driver.c

index 8d989b1d3dc5f2e62b79afe7edf0b61fe9d4d3aa..574f5a04c92de71f18e01227b70782c91638129c 100644 (file)
@@ -60,7 +60,10 @@ ssize_t usb_store_new_id(struct usb_dynids *dynids,
        dynid->id.idVendor = idVendor;
        dynid->id.idProduct = idProduct;
        dynid->id.match_flags = USB_DEVICE_ID_MATCH_DEVICE;
-       if (fields == 3) {
+       if (fields > 2 && bInterfaceClass) {
+               if (bInterfaceClass > 255)
+                       return -EINVAL;
+
                dynid->id.bInterfaceClass = (u8)bInterfaceClass;
                dynid->id.match_flags |= USB_DEVICE_ID_MATCH_INT_CLASS;
        }