From: Roel Kluin <roel.kluin@gmail.com>
Date: Thu, 18 Feb 2010 01:36:23 +0000 (+0100)
Subject: USB: don't read past config->interface[] if usb_control_msg() fails in usb_reset_conf... 
X-Git-Tag: v2.6.34-rc1~215^2~15
X-Git-Url: http://ftp.safe.ca/?a=commitdiff_plain;h=e4a3d94658b5760fc947d7f7185c57db47ca362a;p=safe%2Fjmp%2Flinux-2.6

USB: don't read past config->interface[] if usb_control_msg() fails in usb_reset_configuration()

While looping over the interfaces, if usb_hcd_alloc_bandwidth() fails it calls
hcd->driver->reset_bandwidth(), so there was no need to reinstate the interface
again.

If no break occurred, the index equals config->desc.bNumInterfaces. A
subsequent usb_control_msg() failure resulted in a read from
config->interface[config->desc.bNumInterfaces] at label reset_old_alts.

In either case the last interface should be skipped.

Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Acked-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---

diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c
index e5d5a26..cd22027 100644
--- a/drivers/usb/core/message.c
+++ b/drivers/usb/core/message.c
@@ -1471,7 +1471,7 @@ int usb_reset_configuration(struct usb_device *dev)
 	/* If not, reinstate the old alternate settings */
 	if (retval < 0) {
 reset_old_alts:
-		for (; i >= 0; i--) {
+		for (i--; i >= 0; i--) {
 			struct usb_interface *intf = config->interface[i];
 			struct usb_host_interface *alt;