From 487f9c6710e7dff338e59820f6cfaeaaa87cb532 Mon Sep 17 00:00:00 2001 From: Luiz Fernando Capitulino Date: Mon, 28 Nov 2005 19:16:05 -0200 Subject: [PATCH] [PATCH] USB: usbserial: Adds missing checks and bug fix. Checks if 'port' is NULL before using it in all tty operations, this can avoid NULL pointer dereferences. Signed-off-by: Luiz Capitulino Signed-off-by: Greg Kroah-Hartman --- drivers/usb/serial/usb-serial.c | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/drivers/usb/serial/usb-serial.c b/drivers/usb/serial/usb-serial.c index 12aaf18ff9ea..5bc023c73893 100644 --- a/drivers/usb/serial/usb-serial.c +++ b/drivers/usb/serial/usb-serial.c @@ -188,6 +188,8 @@ static int serial_open (struct tty_struct *tty, struct file * filp) portNumber = tty->index - serial->minor; port = serial->port[portNumber]; + if (!port) + return -ENODEV; ++port->open_count; @@ -258,6 +260,9 @@ static int serial_write (struct tty_struct * tty, const unsigned char *buf, int struct usb_serial_port *port = tty->driver_data; int retval = -EINVAL; + if (!port) + goto exit; + dbg("%s - port %d, %d byte(s)", __FUNCTION__, port->number, count); if (!port->open_count) { @@ -277,6 +282,9 @@ static int serial_write_room (struct tty_struct *tty) struct usb_serial_port *port = tty->driver_data; int retval = -EINVAL; + if (!port) + goto exit; + dbg("%s - port %d", __FUNCTION__, port->number); if (!port->open_count) { @@ -296,6 +304,9 @@ static int serial_chars_in_buffer (struct tty_struct *tty) struct usb_serial_port *port = tty->driver_data; int retval = -EINVAL; + if (!port) + goto exit; + dbg("%s = port %d", __FUNCTION__, port->number); if (!port->open_count) { @@ -314,6 +325,9 @@ static void serial_throttle (struct tty_struct * tty) { struct usb_serial_port *port = tty->driver_data; + if (!port) + return; + dbg("%s - port %d", __FUNCTION__, port->number); if (!port->open_count) { @@ -330,6 +344,9 @@ static void serial_unthrottle (struct tty_struct * tty) { struct usb_serial_port *port = tty->driver_data; + if (!port) + return; + dbg("%s - port %d", __FUNCTION__, port->number); if (!port->open_count) { @@ -347,6 +364,9 @@ static int serial_ioctl (struct tty_struct *tty, struct file * file, unsigned in struct usb_serial_port *port = tty->driver_data; int retval = -ENODEV; + if (!port) + goto exit; + dbg("%s - port %d, cmd 0x%.4x", __FUNCTION__, port->number, cmd); if (!port->open_count) { @@ -368,6 +388,9 @@ static void serial_set_termios (struct tty_struct *tty, struct termios * old) { struct usb_serial_port *port = tty->driver_data; + if (!port) + return; + dbg("%s - port %d", __FUNCTION__, port->number); if (!port->open_count) { @@ -384,6 +407,9 @@ static void serial_break (struct tty_struct *tty, int break_state) { struct usb_serial_port *port = tty->driver_data; + if (!port) + return; + dbg("%s - port %d", __FUNCTION__, port->number); if (!port->open_count) { @@ -445,6 +471,9 @@ static int serial_tiocmget (struct tty_struct *tty, struct file *file) { struct usb_serial_port *port = tty->driver_data; + if (!port) + goto exit; + dbg("%s - port %d", __FUNCTION__, port->number); if (!port->open_count) { @@ -464,6 +493,9 @@ static int serial_tiocmset (struct tty_struct *tty, struct file *file, { struct usb_serial_port *port = tty->driver_data; + if (!port) + goto exit; + dbg("%s - port %d", __FUNCTION__, port->number); if (!port->open_count) { -- 2.20.1