From: David Linares <dlinares.linux@gmail.com>
Date: Mon, 25 Mar 2013 10:50:27 +0000 (+0000)
Subject: USB: hub: Avoid NULL pointer dereference when hub doesn't have any ports
X-Git-Tag: v3.12-rc1~998^2~218
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=769d7368b1727b1b5369d88badf0cbdf0163e079;p=kernel%2Fkernel-generic.git

USB: hub: Avoid NULL pointer dereference when hub doesn't have any ports

Return an error if hub->descriptor->bNbrPorts==0. Without this additional
check, we can end up doing a "hub->ports = kzalloc(0, GFP_KERNEL)".
This hub->ports pointer will therefore be non-NULL and will be used.
Example of dmesg:
   INIT: usb 1-1: New USB device found, idVendor=0424, idProduct=2512
   usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
   hub 1-1:1.0: USB hub found
   version 2.86 bootinghub 1-1:1.0: 0 ports detected
   Unable to handle kernel NULL pointer dereference at virtual address 00000010

Signed-off-by: David Linares <dlinares.linux@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
index 5480352..7815462 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -1317,6 +1317,10 @@ static int hub_configure(struct usb_hub *hub,
 		message = "hub has too many ports!";
 		ret = -ENODEV;
 		goto fail;
+	} else if (hub->descriptor->bNbrPorts == 0) {
+		message = "hub doesn't have any ports!";
+		ret = -ENODEV;
+		goto fail;
 	}
 
 	hdev->maxchild = hub->descriptor->bNbrPorts;