Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f048a516 authored by android-t1's avatar android-t1
Browse files

Integrate security patch 2022-06-05-CVE-2022-24958 

Change-Id: Ic80f1ca3106e31ba13c8d9e7ec8a7e944d7bc163
parent 000cf610

drivers/usb/gadget/legacy/inode.c

+7 −3
Original line number Diff line number Diff line
@@ -1828,8 +1828,9 @@ dev_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr) 
	spin_lock_irq (&dev->lock);

	value = -EINVAL;

	if (dev->buf) {

		spin_unlock_irq(&dev->lock);

		kfree(kbuf);

		goto fail;

		return value;

	}

	dev->buf = kbuf;
@@ -1876,8 +1877,8 @@ dev_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr) 


	value = usb_gadget_probe_driver(&gadgetfs_driver);

	if (value != 0) {

		kfree (dev->buf);

		dev->buf = NULL;

		spin_lock_irq(&dev->lock);

		goto fail;

	} else {

		/* at this point "good" hardware has for the first time

		 * let the USB the host see us.  alternatively, if users
@@ -1894,6 +1895,9 @@ dev_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr) 
	return value;



fail:

	dev->config = NULL;

	dev->hs_config = NULL;

	dev->dev = NULL;

	spin_unlock_irq (&dev->lock);

	pr_debug ("%s: %s fail %zd, %p\n", shortname, __func__, value, dev);

	kfree (dev->buf);