Home Home > GIT Browse > SLE12-SP4
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOliver Neukum <oneukum@suse.com>2019-10-15 15:50:15 +0200
committerOliver Neukum <oneukum@suse.com>2019-10-16 15:08:51 +0200
commit7823089d8a62b35ff554ab7436f147522ee42a2c (patch)
treea1e4cd9cd109a15cdf94a903641df95216576adf
parent3cf11e148d820bb51bbbfe4cf2688907f24749ee (diff)
USB: microtek: fix info-leak at probe (bsc#1142635).
-rw-r--r--patches.suse/0001-USB-microtek-fix-info-leak-at-probe.patch42
-rw-r--r--series.conf1
2 files changed, 43 insertions, 0 deletions
diff --git a/patches.suse/0001-USB-microtek-fix-info-leak-at-probe.patch b/patches.suse/0001-USB-microtek-fix-info-leak-at-probe.patch
new file mode 100644
index 0000000000..41829d1264
--- /dev/null
+++ b/patches.suse/0001-USB-microtek-fix-info-leak-at-probe.patch
@@ -0,0 +1,42 @@
+From 177238c3d47d54b2ed8f0da7a4290db492f4a057 Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Thu, 3 Oct 2019 09:09:31 +0200
+Subject: [PATCH] USB: microtek: fix info-leak at probe
+Git-commit: 177238c3d47d54b2ed8f0da7a4290db492f4a057
+Patch-mainline: v5.4-rc1
+References: bsc#1142635
+
+Add missing bulk-in endpoint sanity check to prevent uninitialised stack
+data from being reported to the system log and used as endpoint
+addresses.
+
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Cc: stable <stable@vger.kernel.org>
+Reported-by: syzbot+5630ca7c3b2be5c9da5e@syzkaller.appspotmail.com
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Acked-by: Oliver Neukum <oneukum@suse.com>
+Link: https://lore.kernel.org/r/20191003070931.17009-1-johan@kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Oliver Neukum <oneukum@suse.com>
+---
+ drivers/usb/image/microtek.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/drivers/usb/image/microtek.c b/drivers/usb/image/microtek.c
+index 0a57c2cc8e5a..7a6b122c833f 100644
+--- a/drivers/usb/image/microtek.c
++++ b/drivers/usb/image/microtek.c
+@@ -716,6 +716,10 @@ static int mts_usb_probe(struct usb_interface *intf,
+
+ }
+
++ if (ep_in_current != &ep_in_set[2]) {
++ MTS_WARNING("couldn't find two input bulk endpoints. Bailing out.\n");
++ return -ENODEV;
++ }
+
+ if ( ep_out == -1 ) {
+ MTS_WARNING( "couldn't find an output bulk endpoint. Bailing out.\n" );
+--
+2.16.4
+
diff --git a/series.conf b/series.conf
index aa516029a7..957a877989 100644
--- a/series.conf
+++ b/series.conf
@@ -24761,6 +24761,7 @@
patches.suse/0001-xen-netfront-do-not-use-0U-as-error-return-value-for.patch
patches.suse/msft-hv-1948-scsi-storvsc-setup-1-1-mapping-between-hardware-queu.patch
patches.suse/0001-kernel-sysctl.c-do-not-override-max_threads-provided.patch
+ patches.suse/0001-USB-microtek-fix-info-leak-at-probe.patch
# davem/net
patches.suse/net-ibmvnic-Fix-EOI-when-running-in-XIVE-mode.patch