Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 9279095a9ec191f446372c764413d586c3656214^! / . / drivers / usb / wusbcore / security.c
commit9279095a9ec191f446372c764413d586c3656214[log] [tgz]
authorDavid Vrabel <david.vrabel@csr.com>Mon Dec 07 13:50:41 2009 +0000
committerGreg Kroah-Hartman <gregkh@suse.de>Fri Dec 11 11:55:26 2009 -0800
treec4d2768e6d92419213da60f6b562196a1c82fd94
parent2e9729d0f86094e52d14e8b9e17c0aad565ee477 [diff] [blame]
USB: wusb: correctly check size of security descriptor.

Reported-by: Roel Kluin <roel.kluin@gmail.com>
Signed-off-by: David Vrabel <david.vrabel@csr.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>


diff --git a/drivers/usb/wusbcore/security.c b/drivers/usb/wusbcore/security.c
index 4516c36..edcd2d7 100644
--- a/drivers/usb/wusbcore/security.c
+++ b/drivers/usb/wusbcore/security.c

@@ -205,15 +205,15 @@
 	const void *itr, *top;
 	char buf[64];
 
-	secd = kmalloc(sizeof(struct usb_security_descriptor), GFP_KERNEL);
+	secd = kmalloc(sizeof(*secd), GFP_KERNEL);
 	if (secd == NULL) {
 		result = -ENOMEM;
 		goto out;
 	}
 
 	result = usb_get_descriptor(usb_dev, USB_DT_SECURITY,
-				    0, secd, sizeof(struct usb_security_descriptor));
-	if (result < sizeof(secd)) {
+				    0, secd, sizeof(*secd));
+	if (result < sizeof(*secd)) {
 		dev_err(dev, "Can't read security descriptor or "
 			"not enough data: %d\n", result);
 		goto out;