RE: [PATCH] usb: gadget: prevent potential null pointer dereference on skb->len

From: Peter Chen
Date: Mon Sep 05 2016 - 22:00:39 EST



>
>From: Colin Ian King <colin.king@xxxxxxxxxxxxx>
>
>An earlier fix partially fixed the null pointer dereference on skb->len by moving the
>assignment of len after the check on skb being non-null, however it failed to remove
>the erroneous dereference when assigning len.
>Correctly fix this by removing the initialisation of len as was originally intended.
>
>Fixes: 70237dc8efd092 ("usb: gadget: function: f_eem: socket buffer may be NULL")
>Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
>---
> drivers/usb/gadget/function/f_eem.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/drivers/usb/gadget/function/f_eem.c b/drivers/usb/gadget/function/f_eem.c
>index 8741fd7..007ec6e 100644
>--- a/drivers/usb/gadget/function/f_eem.c
>+++ b/drivers/usb/gadget/function/f_eem.c
>@@ -342,7 +342,7 @@ static struct sk_buff *eem_wrap(struct gether *port, struct
>sk_buff *skb)
> struct sk_buff *skb2 = NULL;
> struct usb_ep *in = port->in_ep;
> int headroom, tailroom, padlen = 0;
>- u16 len = skb->len;
>+ u16 len;
>
> if (!skb)
> return NULL;
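
Review bot: With the initialiser dropped at `u16 len;`, len is now uninitialised on entry, and the context shown ends at `return NULL;`, so the later assignment of len that the commit message refers to is not visible in this hunk. Please confirm that `len = skb->len;` comes after the `if (!skb)` check and before the first read of len on every path, so the NULL dereference is not traded for a read of an indeterminate value. A one-line mention in the commit message of where that assignment now lives would make this easy to verify when the fix is backported along with the commit named in the Fixes: tag.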

Sorry, my carelessness. Thanks for fixing it.

Acked-by: Peter Chen <peter.chen@xxxxxxx>

Peter