From c63fe8f6ca3669f1d120ff70523e2911b9966574 Mon Sep 17 00:00:00 2001 From: Wolfram Sang Date: Fri, 10 Jan 2014 19:36:41 +0100 Subject: [PATCH] usb: core: add sanity checks when using bInterfaceClass with new_id Check if that field is actually used and if so, bail out if it exeeds a u8. Make it also future-proof by not requiring "exactly three" parameters in new_id, but simply "more than two". Signed-off-by: Wolfram Sang Signed-off-by: Greg Kroah-Hartman --- drivers/usb/core/driver.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/usb/core/driver.c b/drivers/usb/core/driver.c index 8d989b1d3dc5..574f5a04c92d 100644 --- a/drivers/usb/core/driver.c +++ b/drivers/usb/core/driver.c @@ -60,7 +60,10 @@ ssize_t usb_store_new_id(struct usb_dynids *dynids, dynid->id.idVendor = idVendor; dynid->id.idProduct = idProduct; dynid->id.match_flags = USB_DEVICE_ID_MATCH_DEVICE; - if (fields == 3) { + if (fields > 2 && bInterfaceClass) { + if (bInterfaceClass > 255) + return -EINVAL; + dynid->id.bInterfaceClass = (u8)bInterfaceClass; dynid->id.match_flags |= USB_DEVICE_ID_MATCH_INT_CLASS; }