From: Christopher Harvey Date: Fri, 23 Mar 2012 14:55:25 +0000 (-0400) Subject: staging: usbip: fix potential segfault because of unchecked return value of strchr. X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=2f5c638ced00fff2356ce0a02f16c8e928259750;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git staging: usbip: fix potential segfault because of unchecked return value of strchr. This doesn't happen with the usbip virtual hci module, but another module wanting to interface with this user space code could cause a seg-fault by sending data without newlines. Signed-off-by: Christopher Harvey Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/usbip/userspace/libsrc/vhci_driver.c b/drivers/staging/usbip/userspace/libsrc/vhci_driver.c index 269787751b20..0958ba53e94a 100644 --- a/drivers/staging/usbip/userspace/libsrc/vhci_driver.c +++ b/drivers/staging/usbip/userspace/libsrc/vhci_driver.c @@ -59,7 +59,10 @@ static int parse_status(char *value) /* skip a header line */ - c = strchr(value, '\n') + 1; + c = strchr(value, '\n'); + if (!c) + return -1; + c++; while (*c != '\0') { int port, status, speed, devid; @@ -109,7 +112,10 @@ static int parse_status(char *value) /* go to the next line */ - c = strchr(c, '\n') + 1; + c = strchr(c, '\n'); + if (!c) + break; + c++; } dbg("exit"); @@ -264,11 +270,17 @@ static int get_nports(void) attr_status->method, attr_status->value); /* skip a header line */ - c = strchr(attr_status->value, '\n') + 1; + c = strchr(attr_status->value, '\n'); + if (!c) + return 0; + c++; while (*c != '\0') { /* go to the next line */ - c = strchr(c, '\n') + 1; + c = strchr(c, '\n'); + if (!c) + return nports; + c++; nports += 1; }