public-mirrors/linux
1
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-08-05 16:54:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/drivers/usb/core
History
Alan Stern c99197902d USB: fix use-after-free bug in usb_hcd_unlink_urb() 
The usb_hcd_unlink_urb() routine in hcd.c contains two possible
use-after-free errors.  The dev_dbg() statement at the end of the
routine dereferences urb and urb->dev even though both structures may
have been deallocated.

This patch fixes the problem by storing urb->dev in a local variable
(avoiding the dereference of urb) and moving the dev_dbg() up before
the usb_put_dev() call.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-by: Joe Lawrence <joe.lawrence@stratus.com>
Tested-by: Joe Lawrence <joe.lawrence@stratus.com>
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
2015-01-31 09:05:06 -08:00
..
buffer.c usb: core: buffer: smallest buffer should start at ARCH_DMA_MINALIGN 2015-01-09 10:21:31 -08:00
config.c usb-core bInterval quirk 2014-08-01 15:47:05 -07:00
devices.c
devio.c USB: usbfs: allow URBs to be reaped after disconnection 2015-01-31 09:05:06 -08:00
driver.c USB: add flag for HCDs that can't receive wakeup requests (isp1760-hcd) 2015-01-31 09:05:06 -08:00
endpoint.c
file.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-11-13 15:34:18 +09:00
generic.c staging: usbip: convert usbip-host driver to usb_device_driver 2014-02-07 10:54:30 -08:00
hcd-pci.c USB / PM: Drop CONFIG_PM_RUNTIME from the USB core 2014-12-04 00:51:54 +01:00
hcd.c USB: fix use-after-free bug in usb_hcd_unlink_urb() 2015-01-31 09:05:06 -08:00
hub.c usb: core: hub: modify hub reset logic in hub driver 2015-01-25 21:05:59 +08:00
hub.h usb: hub: convert khubd into workqueue 2014-09-23 22:33:19 -07:00
Kconfig PM / Kconfig: Replace PM_RUNTIME with PM in dependencies 2014-12-13 00:44:04 +01:00
Makefile USB: core: remove CONFIG_USB_DEBUG usage 2013-12-21 16:01:00 -08:00
message.c USB: don't cancel queued resets when unbinding drivers 2015-01-25 20:54:17 +08:00
notify.c
otg_whitelist.h usb: core: TPL should apply for both OTG and EH 2014-09-23 21:28:41 -07:00
port.c USB / PM: Drop CONFIG_PM_RUNTIME from the USB core 2014-12-04 00:51:54 +01:00
quirks.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2014-12-12 10:26:47 -08:00
sysfs.c USB / PM: Drop CONFIG_PM_RUNTIME from the USB core 2014-12-04 00:51:54 +01:00
urb.c usb: core: allow zero packet flag for interrupt urbs 2014-07-22 16:30:58 -07:00
usb-acpi.c usb: find internal hub tier mismatch via acpi 2014-05-27 16:38:52 -07:00
usb.c usb: core: buffer: smallest buffer should start at ARCH_DMA_MINALIGN 2015-01-09 10:21:31 -08:00
usb.h USB / PM: Drop CONFIG_PM_RUNTIME from the USB core 2014-12-04 00:51:54 +01:00