[pve-qemu-kvm.git] / debian / patches / extra / CVE-2016-2392-check-USB-configuration-descriptor-object.patch
1 From f979659e509e9d6da5cd3d74c459b944e131ce73 Mon Sep 17 00:00:00 2001
2 From: Prasad J Pandit <pjp@fedoraproject.org>
3 Date: Thu, 11 Feb 2016 16:31:20 +0530
4 Subject: [PATCH] usb: check USB configuration descriptor object
5
6 When processing remote NDIS control message packets, the USB Net
7 device emulator checks to see if the USB configuration descriptor
8 object is of RNDIS type(2). But it does not check if it is null,
9 which leads to a null dereference error. Add check to avoid it.
10
11 Reported-by: Qinghao Tang <luodalongde@gmail.com>
12 Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
13 ---
14 hw/usb/dev-network.c | 3 ++-
15 1 file changed, 2 insertions(+), 1 deletion(-)
16
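--- a/hw/usb/dev-network.c
+++ b/hw/usb/dev-network.c
@@ -653,7 +653,8 @@ typedef struct USBNetState {
 
 static int is_rndis(USBNetState *s)
 {
- return s->dev.config->bConfigurationValue == DEV_RNDIS_CONFIG_VALUE;
+ return s->dev.config ?
+ s->dev.config->bConfigurationValue == DEV_RNDIS_CONFIG_VALUE : 0;
 }
 
 static int ndis_query(USBNetState *s, uint32_t oid,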
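Review bot: The new guard in is_rndis() silently maps a missing configuration descriptor to "not RNDIS", but nothing in the code says why `s->dev.config` can be NULL or that callers depend on the 0 result. A comment above the return, such as `/* dev.config may still be NULL when control messages arrive (see CVE-2016-2392); treat that as non-RNDIS */`, would keep the check from being dropped in a later cleanup. The ternary can also be written more directly as `return s->dev.config && s->dev.config->bConfigurationValue == DEV_RNDIS_CONFIG_VALUE;`, which yields the same 0/1 result. Only is_rndis() is visible in this hunk, so any other code in hw/usb/dev-network.c that dereferences `s->dev.config` directly is not covered by this change and should be audited for the same missing NULL check.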
31 --
32 2.1.4
33