ChangeSet 1.1318.4.8, 2003/06/16 17:39:56-07:00, mdharm-usb@one-eyed-alien.net

[PATCH] USB storage: avoid NULL-ptr OOPS

This patch will avoid a NULL-pointer dereference OOPS which is caused by
oddly-formed (yet legal) INQUIRY commands that request 0 bytes.


 drivers/usb/storage/protocol.c |    4 ++++
 1 files changed, 4 insertions(+)


diff -Nru a/drivers/usb/storage/protocol.c b/drivers/usb/storage/protocol.c
--- a/drivers/usb/storage/protocol.c	Wed Jun 18 11:15:03 2003
+++ b/drivers/usb/storage/protocol.c	Wed Jun 18 11:15:03 2003
@@ -82,6 +82,10 @@
 	if (srb->cmnd[0] != INQUIRY)
 		return;
 
+	/* oddly short buffer -- bail out */
+	if (srb->request_bufflen < 3)
+		return;
+
 	data_ptr = find_data_location(srb);
 
 	if ((data_ptr[2] & 7) == 2)