upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-09 00:32:25 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

ued may be NULL here which will cause a panic... reproducable by

Browse source 
simply doing a usbconfig reset on a device which doesn't reset itself
properly...
This commit is contained in:
John-Mark Gurney 2021-06-28 18:09:14 -07:00
parent f94360971e
commit 3d5104182c
1 changed files with 8 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
sys/dev/usb/net/if_cdce.c
View file

@ -709,18 +709,18 @@ alloc_transfers:
if ((ued == NULL) || (ued->bLength < sizeof(*ued))) {
error = USB_ERR_INVAL;
} else {
/*
* ECM 1.2 doesn't say it excludes the CRC, but states that it's
* normally 1514, which excludes the CRC.
*/
DPRINTF("max segsize: %d\n", UGETW(ued->wMaxSegmentSize));
if (UGETW(ued->wMaxSegmentSize) >= (ETHER_MAX_LEN - ETHER_CRC_LEN + ETHER_VLAN_ENCAP_LEN))
sc->sc_flags |= CDCE_FLAG_VLAN;
error = usbd_req_get_string_any(uaa->device, NULL,
eaddr_str, sizeof(eaddr_str), ued->iMacAddress);
}
/*
* ECM 1.2 doesn't say it excludes the CRC, but states that it's
* normally 1514, which excludes the CRC.
*/
DPRINTF("max segsize: %d\n", UGETW(ued->wMaxSegmentSize));
if (UGETW(ued->wMaxSegmentSize) >= (ETHER_MAX_LEN - ETHER_CRC_LEN + ETHER_VLAN_ENCAP_LEN))
sc->sc_flags |= CDCE_FLAG_VLAN;
if (error) {
/* fake MAC address */