Commit 406636340c301b46062b22f94e3815ef767bd6a3
Committed by
David S. Miller
David S. Miller
1 parent
d73bcd2c28
caif_usb: Check driver name before reading driver state in netdev notifier
In cfusbl_device_notify(), the usbnet and usbdev variables are initialised before the driver name has been checked. In case the device's driver is not cdc_ncm, this may result in reading beyond the end of the netdev private area. Move the initialisation below the driver name check. Signed-off-by: Ben Hutchings <bhutchings@solarflare.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Showing 1 changed file with 5 additions and 2 deletions Side-by-side Diff
net/caif/caif_usb.c
| ... | ... | @@ -126,8 +126,8 @@ |
| 126 | 126 | struct net_device *dev = arg; |
| 127 | 127 | struct caif_dev_common common; |
| 128 | 128 | struct cflayer *layer, *link_support; |
| 129 | - struct usbnet *usbnet = netdev_priv(dev); | |
| 130 | - struct usb_device *usbdev = usbnet->udev; | |
| 129 | + struct usbnet *usbnet; | |
| 130 | + struct usb_device *usbdev; | |
| 131 | 131 | struct ethtool_drvinfo drvinfo; |
| 132 | 132 | |
| 133 | 133 | /* |
| ... | ... | @@ -140,6 +140,9 @@ |
| 140 | 140 | dev->ethtool_ops->get_drvinfo(dev, &drvinfo); |
| 141 | 141 | if (strncmp(drvinfo.driver, "cdc_ncm", 7) != 0) |
| 142 | 142 | return 0; |
| 143 | + | |
| 144 | + usbnet = netdev_priv(dev); | |
| 145 | + usbdev = usbnet->udev; | |
| 143 | 146 | |
| 144 | 147 | pr_debug("USB CDC NCM device VID:0x%4x PID:0x%4x\n", |
| 145 | 148 | le16_to_cpu(usbdev->descriptor.idVendor), |