diff options
| author | Sriharsha Allenki <sallenki@codeaurora.org> | 2017-07-26 17:06:53 +0530 |
|---|---|---|
| committer | Sriharsha Allenki <sallenki@codeaurora.org> | 2017-08-02 10:33:06 +0530 |
| commit | bce4a8a55c21e0475466bed36eabc1dcc9ff76ff (patch) | |
| tree | 010d90aa62089e0a12933429a7a50fd1cadad346 | |
| parent | ac8211566ba58dd2be22c399f559a44a09054bf4 (diff) | |
usb: f_gsi: Fix rndis message parsing of erroneous requests
In the completion handler of rndis command requests
we are parsing the request buffers without
checking the status of the request. This might
cause parsing of the erroneous requests.
Fix this by checking the status of the request before
parsing the request buffer.
Change-Id: I52001128ac421e58e1801eebc243a8c91618582c
Signed-off-by: Sriharsha Allenki <sallenki@codeaurora.org>
| -rw-r--r-- | drivers/usb/gadget/function/f_gsi.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/drivers/usb/gadget/function/f_gsi.c b/drivers/usb/gadget/function/f_gsi.c index 3f903d4776b4..19fe6c8cb25a 100644 --- a/drivers/usb/gadget/function/f_gsi.c +++ b/drivers/usb/gadget/function/f_gsi.c @@ -1579,6 +1579,12 @@ static void gsi_rndis_command_complete(struct usb_ep *ep, struct f_gsi *rndis = req->context; int status; + if (req->status != 0) { + log_event_err("RNDIS command completion error %d\n", + req->status); + return; + } + status = rndis_msg_parser(rndis->params, (u8 *) req->buf); if (status < 0) log_event_err("RNDIS command error %d, %d/%d", |