From 2f5c638ced00fff2356ce0a02f16c8e928259750 Mon Sep 17 00:00:00 2001 From: Christopher Harvey Date: Fri, 23 Mar 2012 10:55:25 -0400 Subject: [PATCH] staging: usbip: fix potential segfault because of unchecked return value of strchr. This doesn't happen with the usbip virtual hci module, but another module wanting to interface with this user space code could cause a seg-fault by sending data without newlines. Signed-off-by: Christopher Harvey Signed-off-by: Greg Kroah-Hartman --- drivers/staging/usbip/userspace/libsrc/vhci_driver.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/drivers/staging/usbip/userspace/libsrc/vhci_driver.c b/drivers/staging/usbip/userspace/libsrc/vhci_driver.c index 2697877..0958ba5 100644 --- a/drivers/staging/usbip/userspace/libsrc/vhci_driver.c +++ b/drivers/staging/usbip/userspace/libsrc/vhci_driver.c @@ -59,7 +59,10 @@ static int parse_status(char *value) /* skip a header line */ - c = strchr(value, '\n') + 1; + c = strchr(value, '\n'); + if (!c) + return -1; + c++; while (*c != '\0') { int port, status, speed, devid; @@ -109,7 +112,10 @@ static int parse_status(char *value) /* go to the next line */ - c = strchr(c, '\n') + 1; + c = strchr(c, '\n'); + if (!c) + break; + c++; } dbg("exit"); @@ -264,11 +270,17 @@ static int get_nports(void) attr_status->method, attr_status->value); /* skip a header line */ - c = strchr(attr_status->value, '\n') + 1; + c = strchr(attr_status->value, '\n'); + if (!c) + return 0; + c++; while (*c != '\0') { /* go to the next line */ - c = strchr(c, '\n') + 1; + c = strchr(c, '\n'); + if (!c) + return nports; + c++; nports += 1; } -- 2.7.4