From 5b22f676118ff25049382041da0db8012e57c9e8 Mon Sep 17 00:00:00 2001
From: Shuah Khan <shuahkh@osg.samsung.com>
Date: Thu, 5 Apr 2018 16:31:49 -0600
Subject: [PATCH] usbip: vhci_hcd: check rhport before using in
vhci_hub_control()
Git-commit: 5b22f676118ff25049382041da0db8012e57c9e8
Patch-mainline: v4.17
References: bsc#1090888
Validate that rhport is not negative (rhport >= 0) before using it to index the port_status array.
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Oliver Neukum <oneukum@suse.com>
---
drivers/usb/usbip/vhci_hcd.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
--- a/drivers/usb/usbip/vhci_hcd.c
+++ b/drivers/usb/usbip/vhci_hcd.c
@@ -288,6 +288,8 @@ static int vhci_hub_control(struct usb_h
usbip_dbg_vhci_rh(" ClearHubFeature\n");
break;
case ClearPortFeature:
+ if (rhport < 0)
+ goto error;
switch (wValue) {
case USB_PORT_FEAT_SUSPEND:
if (dum->port_status[rhport] & USB_PORT_STAT_SUSPEND) {
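Review bot: The new guard under `ClearPortFeature` rejects only a negative `rhport`, so a value at or above the size of `dum->port_status` would still index past the array on the `dum->port_status[rhport]` line that follows; the identical guard added under `SetPortFeature` has the same gap. How `rhport` is derived and how large `port_status` is are both outside these hunks, but the `GetPortStatus` hunk bounds `wIndex` by `VHCI_HC_PORTS`, which suggests that is the array size. If so, the guard should check both ends, e.g. `if (rhport < 0 || rhport >= VHCI_HC_PORTS) goto error;`. The body of vhci_hub_control() starts and ends outside the hunk.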
@@ -336,9 +338,12 @@ static int vhci_hub_control(struct usb_h
break;
case GetPortStatus:
usbip_dbg_vhci_rh(" GetPortStatus port %x\n", wIndex);
+ if (rhport < 0)
+ goto error;
if (wIndex > VHCI_HC_PORTS || wIndex < 1) {
pr_err("invalid port number %d\n", wIndex);
retval = -EPIPE;
+ goto error;
}
/* we do not care about resume. */
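Review bot: In `GetPortStatus` the added `goto error;` makes the preceding `retval = -EPIPE;` redundant, because the `error:` label introduced at the end of the switch assigns the same value. The `rhport < 0` guard also runs before the `wIndex` range check, so if `rhport` is computed from `wIndex` (not visible here) the `wIndex < 1` half of that condition may never be reached and such requests stall without the `pr_err` diagnostic. Consider dropping the redundant assignment and folding the guard into the existing test, `if (rhport < 0 || wIndex > VHCI_HC_PORTS || wIndex < 1) {`, so the message is still logged.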
@@ -385,6 +390,8 @@ static int vhci_hub_control(struct usb_h
retval = -EPIPE;
break;
case SetPortFeature:
+ if (rhport < 0)
+ goto error;
switch (wValue) {
case USB_PORT_FEAT_SUSPEND:
usbip_dbg_vhci_rh(
@@ -415,7 +422,7 @@ static int vhci_hub_control(struct usb_h
default:
pr_err("default: no such request\n");
-
+error:
/* "protocol stall" on error */
retval = -EPIPE;
}
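Review bot: The `error:` label sits inside the `default:` arm, after its `pr_err`, so the port cases jump into the middle of another case body and the shared stall path is easy to misread as belonging to `default` alone. A comment on the label would make the intent explicit, for example `/* error: shared exit for rejected port requests; also reached by fall-through from default */`. The `rhport < 0` guards that jump here log nothing, so a rejected request leaves no trace; a debug line such as `usbip_dbg_vhci_rh(" invalid rhport %d\n", rhport);` before each `goto` would help when diagnosing malformed hub requests. The switch and the function close outside the hunk.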