From 48de1a17fc41613b7e9d61037fa989256d04234f Mon Sep 17 00:00:00 2001 From: Larry Finger Date: Fri, 2 Mar 2012 13:21:22 -0600 Subject: [PATCH] rtlwifi: Detect misread of end-point count In the unlikely event of a misread of the USB end point count, the driver generates a divide fault. To prevent this, add a check of the value returned by _rtl_usb_init(). In addition, add some logging to indicate why the condition occurred. Signed-off-by: Larry Finger Signed-off-by: John W. Linville --- drivers/net/wireless/rtlwifi/usb.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/drivers/net/wireless/rtlwifi/usb.c b/drivers/net/wireless/rtlwifi/usb.c index ffcf89fe45e..b0eee0eb567 100644 --- a/drivers/net/wireless/rtlwifi/usb.c +++ b/drivers/net/wireless/rtlwifi/usb.c @@ -346,9 +346,14 @@ static int _rtl_usb_init(struct ieee80211_hw *hw) pep_desc->bEndpointAddress, pep_desc->wMaxPacketSize, pep_desc->bInterval); } - if (rtlusb->in_ep_nums < rtlpriv->cfg->usb_interface_cfg->in_ep_num) - return -EINVAL ; - + if (rtlusb->in_ep_nums < rtlpriv->cfg->usb_interface_cfg->in_ep_num) { + pr_err("Too few input end points found\n"); + return -EINVAL; + } + if (rtlusb->out_ep_nums == 0) { + pr_err("No output end points found\n"); + return -EINVAL; + } /* usb endpoint mapping */ err = rtlpriv->cfg->usb_interface_cfg->usb_endpoint_mapping(hw); rtlusb->usb_mq_to_hwq = rtlpriv->cfg->usb_interface_cfg->usb_mq_to_hwq; @@ -976,6 +981,8 @@ int __devinit rtl_usb_probe(struct usb_interface *intf, } rtlpriv->cfg->ops->init_sw_leds(hw); err = _rtl_usb_init(hw); + if (err) + goto error_out; err = _rtl_usb_init_sw(hw); /* Init mac80211 sw */ err = rtl_init_core(hw); -- 2.46.0