USBTMC devices are required to have a bulk-in and a bulk-out endpoint, but the driver failed to verify this, something which could lead to the endpoint addresses being taken from uninitialised memory. Make sure to zero all private data as part of allocation, and add the missing endpoint sanity check. Note that this also addresses a more recently introduced issue, where the interrupt-in-presence flag would also be uninitialised whenever the optional interrupt-in endpoint is not present. This in turn could lead to an interrupt urb being allocated, initialised and submitted based on uninitialised values. Fixes: |
||
---|---|---|
.. | ||
cdc-acm.c | ||
cdc-acm.h | ||
cdc-wdm.c | ||
Kconfig | ||
Makefile | ||
usblp.c | ||
usbtmc.c |