diff options
author | Ben Hutchings <bhutchings@solarflare.com> | 2012-12-07 06:17:26 +0000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2012-12-09 00:34:02 -0500 |
commit | 406636340c301b46062b22f94e3815ef767bd6a3 (patch) | |
tree | 946f232c1817a5f885824716ee70dbe850c6cb18 /net | |
parent | d73bcd2c28e3c77d9f52d42a45a52455488e287e (diff) | |
download | op-kernel-dev-406636340c301b46062b22f94e3815ef767bd6a3.zip op-kernel-dev-406636340c301b46062b22f94e3815ef767bd6a3.tar.gz |
caif_usb: Check driver name before reading driver state in netdev notifier
In cfusbl_device_notify(), the usbnet and usbdev variables are
initialised before the driver name has been checked. In case the
device's driver is not cdc_ncm, this may result in reading beyond the
end of the netdev private area. Move the initialisation below the
driver name check.
Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/caif/caif_usb.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/net/caif/caif_usb.c b/net/caif/caif_usb.c index fd7cbf5..582f80c 100644 --- a/net/caif/caif_usb.c +++ b/net/caif/caif_usb.c @@ -126,8 +126,8 @@ static int cfusbl_device_notify(struct notifier_block *me, unsigned long what, struct net_device *dev = arg; struct caif_dev_common common; struct cflayer *layer, *link_support; - struct usbnet *usbnet = netdev_priv(dev); - struct usb_device *usbdev = usbnet->udev; + struct usbnet *usbnet; + struct usb_device *usbdev; struct ethtool_drvinfo drvinfo; /* @@ -141,6 +141,9 @@ static int cfusbl_device_notify(struct notifier_block *me, unsigned long what, if (strncmp(drvinfo.driver, "cdc_ncm", 7) != 0) return 0; + usbnet = netdev_priv(dev); + usbdev = usbnet->udev; + pr_debug("USB CDC NCM device VID:0x%4x PID:0x%4x\n", le16_to_cpu(usbdev->descriptor.idVendor), le16_to_cpu(usbdev->descriptor.idProduct)); |