From 9c44811bd33d5b07d1eb5ee60a5e227971a11ffe Mon Sep 17 00:00:00 2001
From: Johan Hovold <johan@kernel.org>
Date: Tue, 3 Jan 2017 16:39:40 +0100
Subject: [PATCH 1/1] USB: serial: cyberjack: fix NULL-deref at open

commit 3dca01114dcecb1cf324534cd8d75fd1306a516b upstream.

Fix NULL-pointer dereference when clearing halt at open should the device
lack a bulk-out endpoint.

Unable to handle kernel NULL pointer dereference at virtual address 00000030
...
PC is at cyberjack_open+0x40/0x9c [cyberjack]

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Johan Hovold <johan@kernel.org>
[bwh: Backported to 3.2: add this check to the existing
 usb_serial_driver::attach implementation]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
 drivers/usb/serial/cyberjack.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/usb/serial/cyberjack.c b/drivers/usb/serial/cyberjack.c
index f744ab7a3b19..2cf85872e938 100644
--- a/drivers/usb/serial/cyberjack.c
+++ b/drivers/usb/serial/cyberjack.c
@@ -122,6 +122,9 @@ static int cyberjack_startup(struct usb_serial *serial)
 
 	dbg("%s", __func__);
 
+	if (serial->num_bulk_out < serial->num_ports)
+		return -ENODEV;
+
 	/* allocate the private data structure */
 	priv = kmalloc(sizeof(struct cyberjack_private), GFP_KERNEL);
 	if (!priv)
-- 
2.39.2