Skip to content

Commit

Permalink
platform: msm: usb_bam: Fix potential use-after-free in connect_pipe
Browse files Browse the repository at this point in the history
In the connect_pipe() failure path, the allocated pipe is freed but
the pointer variable is not reset creating a dangling pointer and
potential UaF if it is later accessed.  Fix it by assigning it to NULL.

Change-Id: Iae9fb05ce819fc94839180762393fa18aaecdd60
Signed-off-by: Jack Pham <[email protected]>
  • Loading branch information
Jack Pham committed May 26, 2022
1 parent 6dd9e34 commit b296c4b
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions drivers/platform/msm/usb_bam.c
Original file line number Diff line number Diff line change
Expand Up @@ -866,6 +866,7 @@ static int connect_pipe(enum usb_ctrl cur_bam, u8 idx, u32 *usb_pipe_idx,
sps_disconnect(*pipe);
free_sps_endpoint:
sps_free_endpoint(*pipe);
*pipe = NULL;
return ret;
}

Expand Down

0 comments on commit b296c4b

Please sign in to comment.