linux/drivers/usb/core
Alan Stern 1633682053 USB: fix linked-list corruption in rh_call_control()
Using KASAN, Dmitry found a bug in the rh_call_control() routine: If
buffer allocation fails, the routine returns immediately without
unlinking its URB from the control endpoint, eventually leading to
linked-list corruption.

This patch fixes the problem by jumping to the end of the routine
(where the URB is unlinked) when an allocation failure occurs.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-and-tested-by: Dmitry Vyukov <dvyukov@google.com>
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-03-27 09:24:13 +02:00
..
Kconfig usb: core: Introduce a USB port LED trigger 2016-09-27 12:20:17 +02:00
Makefile usb: core: Introduce a USB port LED trigger 2016-09-27 12:20:17 +02:00
buffer.c USB: core: add missing license information to some files 2016-10-29 12:51:56 -04:00
config.c usb-core: Add LINEAR_FRAME_INTR_BINTERVAL USB quirk 2017-03-14 17:07:31 +08:00
devices.c usb: core: devices: remove unnecessary & operation 2016-11-03 10:38:23 +02:00
devio.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/signal.h> 2017-03-02 08:42:29 +01:00
driver.c USB: core: add missing license information to some files 2016-10-29 12:51:56 -04:00
endpoint.c usb: patches for v4.10 merge window 2016-11-18 16:02:15 +01:00
file.c USB: core: add missing license information to some files 2016-10-29 12:51:56 -04:00
generic.c USB: core: add missing license information to some files 2016-10-29 12:51:56 -04:00
hcd-pci.c usb: hcd: out of bounds access in for_each_companion 2016-04-13 12:06:18 -07:00
hcd.c USB: fix linked-list corruption in rh_call_control() 2017-03-27 09:24:13 +02:00
hub.c usb: hub: Fix crash after failure to read BOS descriptor 2017-03-17 13:36:58 +09:00
hub.h usb: Support USB 3.1 extended port status request 2016-01-24 20:16:52 -08:00
ledtrig-usbport.c usb: core: usbport: Use proper LED API to fix potential crash 2016-12-06 08:37:41 +01:00
message.c usb: core: update comments for send message functions 2017-01-19 10:34:40 +01:00
notify.c USB: core: add missing license information to some files 2016-10-29 12:51:56 -04:00
of.c usb: core: of.c: fix defined but not declare warning 2016-08-09 16:16:13 +02:00
otg_whitelist.h usb: core: use IS_ENABLED() instead of checking for built-in or module 2016-09-02 14:36:33 +02:00
port.c Revert "USB / PM: Allow USB devices to remain runtime-suspended when sleeping" 2016-05-02 08:44:31 -07:00
quirks.c usb-core: Add LINEAR_FRAME_INTR_BINTERVAL USB quirk 2017-03-14 17:07:31 +08:00
sysfs.c USB: core: add missing license information to some files 2016-10-29 12:51:56 -04:00
urb.c usb: patches for v4.10 merge window 2016-11-18 16:02:15 +01:00
usb-acpi.c usb: find internal hub tier mismatch via acpi 2014-05-27 16:38:52 -07:00
usb.c USB: core: add missing license information to some files 2016-10-29 12:51:56 -04:00
usb.h USB: core: add missing license information to some files 2016-10-29 12:51:56 -04:00