• Johan Hovold's avatar
    USB: usbtmc: add missing endpoint sanity check · ad1bbccd
    Johan Hovold authored
    commit 687e0687 upstream.
    
    USBTMC devices are required to have a bulk-in and a bulk-out endpoint,
    but the driver failed to verify this, something which could lead to the
    endpoint addresses being taken from uninitialised memory.
    
    Make sure to zero all private data as part of allocation, and add the
    missing endpoint sanity check.
    
    Note that this also addresses a more recently introduced issue, where
    the interrupt-in-presence flag would also be uninitialised whenever the
    optional interrupt-in endpoint is not present. This in turn could lead
    to an interrupt urb being allocated, initialised and submitted based on
    uninitialised values.
    
    Fixes: dbf3e7f6 ("Implement an ioctl to support the USMTMC-USB488 READ_STATUS_BYTE operation.")
    Fixes: 5b775f67 ("USB: add USB test and measurement class driver")
    Signed-off-by: default avatarJohan Hovold <johan@kernel.org>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    ad1bbccd
usbtmc.c 37.8 KB