esd_usb_probe() constructs bulk pipes for two endpoints without
verifying their transfer types:
- usb_rcvbulkpipe(dev->udev, 1) for RX (version reply, async RX data)
- usb_sndbulkpipe(dev->udev, 2) for TX (version query, CAN frames)
A malformed USB device can present these endpoints with transfer types
that differ from what the driver assumes, triggering the WARNING in
usb_submit_urb().
Add usb_check_bulk_endpoints() before the first bulk transfer to verify
endpoint types, rejecting devices with mismatched descriptors at probe
time.
This is similar to
commit 90b7f2961798 ("net: usb: rtl8150: enable basic endpoint checking"),
which established the usb_check_bulk_endpoints() validation pattern.
Fixes: 96d8e90382dc ("can: Add driver for esd CAN-USB/2 device")
Signed-off-by: Ziyi Guo <n7l8m4@u.northwestern.edu>
---
drivers/net/can/usb/esd_usb.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/drivers/net/can/usb/esd_usb.c b/drivers/net/can/usb/esd_usb.c
index 8cc924c47042..054ded490eb3 100644
--- a/drivers/net/can/usb/esd_usb.c
+++ b/drivers/net/can/usb/esd_usb.c
@@ -1301,6 +1301,10 @@ static int esd_usb_probe(struct usb_interface *intf,
struct esd_usb *dev;
union esd_usb_msg *msg;
int i, err;
+ static const u8 bulk_ep_addr[] = {
+ USB_DIR_IN | 1, /* EP 1 IN (RX) */
+ USB_DIR_OUT | 2, /* EP 2 OUT (TX) */
+ 0};
dev = kzalloc(sizeof(*dev), GFP_KERNEL);
if (!dev) {
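Review bot: The bare `0` that closes `bulk_ep_addr` is the list terminator usb_check_bulk_endpoints() stops on, but it has no comment and shares a line with the closing brace. A later edit that appends an endpoint after it would go unvalidated, and one that drops it would let the helper read past the array. I would write the last two lines as `0 /* terminator, must stay last */` and `};` on its own line, matching the commented entries above. The declaration is also placed after `int i, err;`; if this file follows the networking tree's longest-line-first ordering for locals, it belongs above `struct esd_usb *dev;`. esd_usb_probe() continues beyond this hunk.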
@@ -1320,6 +1324,13 @@ static int esd_usb_probe(struct usb_interface *intf,
goto free_msg;
}
+ /* Verify that the required bulk endpoints are present */
+ if (!usb_check_bulk_endpoints(intf, bulk_ep_addr)) {
+ dev_err(&intf->dev, "Missing or invalid bulk endpoints\n");
+ err = -ENODEV;
+ goto free_msg;
+ }
+
/* query number of CAN interfaces (nets) */
msg->hdr.cmd = ESD_USB_CMD_VERSION;
msg->hdr.len = sizeof(struct esd_usb_version_msg) / sizeof(u32); /* # of 32bit words */
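Review bot: The endpoint check runs only after `dev` and `msg` have been allocated, so rejecting a malformed device depends on the `free_msg` unwind, which lies outside this hunk and cannot be confirmed from here. usb_check_bulk_endpoints() needs only `intf`, so the check could be the first statement of esd_usb_probe(), before the kzalloc(), and fail with a plain `return -ENODEV;` after the dev_err(). The comment above the call says only that the endpoints are "present", while the helper is used here to confirm their transfer type as well. `/* Reject devices whose EP 1 IN / EP 2 OUT are missing or not bulk */` would state what is actually enforced.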
--
2.34.1