From: "Bruno Prémont" <bonbons@linux-vserver.org>
To: Jiri Kosina <jkosina@suse.cz>
Cc: linux-input@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 2/2] HID: picolcd: sanity check report size in raw_event() callback
Date: Wed, 27 Aug 2014 10:13:11 +0200 [thread overview]
Message-ID: <20140827101311.098f3fd1@pluto> (raw)
In-Reply-To: <alpine.LNX.2.00.1408270912310.2992@pobox.suse.cz>
On Wed, 27 Aug 2014 09:13:15 +0200 (CEST) Jiri Kosina wrote:
> The report passed to us from transport driver could potentially be
> arbitrarily large, therefore we better sanity-check it so that raw_data
> that we hold in picolcd_pending structure are always kept within proper
> bounds.
>
> Cc: stable@vger.kernel.org
> Reported-by: Steven Vittitoe <scvitti@google.com>
> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Acked-by: Bruno Prémont <bonbons@linux-vserver.org>
> ---
> drivers/hid/hid-picolcd_core.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/drivers/hid/hid-picolcd_core.c b/drivers/hid/hid-picolcd_core.c
> index acbb0210..020df3c 100644
> --- a/drivers/hid/hid-picolcd_core.c
> +++ b/drivers/hid/hid-picolcd_core.c
> @@ -350,6 +350,12 @@ static int picolcd_raw_event(struct hid_device *hdev,
> if (!data)
> return 1;
>
> + if (size > 64) {
> + hid_warn(hdev, "invalid size value (%d) for picolcd raw event\n",
> + size);
Is it worth adding report->id to this hid_warn()?
A valid device is not expected to ever send >64 bytes reports but in
case a firmware update would do so it would help to know for which
report it was.
> + return 0;
> + }
> +
> if (report->id == REPORT_KEY_STATE) {
> if (data->input_keys)
> ret = picolcd_raw_keypad(data, report, raw_data+1, size-1);
next prev parent reply other threads:[~2014-08-27 8:13 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-08-27 7:12 [PATCH 1/2] HID: magicmouse: sanity check report size in raw_event() callback Jiri Kosina
2014-08-27 7:13 ` [PATCH 2/2] HID: picolcd: " Jiri Kosina
2014-08-27 8:13 ` Bruno Prémont [this message]
2014-08-27 8:25 ` Jiri Kosina
2014-08-27 8:25 ` Jiri Kosina
2014-08-27 21:32 ` Jiri Kosina
2014-08-28 5:57 ` Bruno Prémont
2014-08-28 5:57 ` Bruno Prémont
2014-08-27 13:54 ` [PATCH 1/2] HID: magicmouse: " Benjamin Tissoires
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140827101311.098f3fd1@pluto \
--to=bonbons@linux-vserver.org \
--cc=jkosina@suse.cz \
--cc=linux-input@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.