On Tue, 8 Mar 2011, Rafi Rubin wrote:

> Check before dereferencing field->hidinput to fix a reported invalid
> dereference bug.
>
> Signed-off-by: Rafi Rubin <rafi@xxxxxxxxxxxxxx>
> ---
> After additional debugging, I realized I'm seeing a variant of Peter's
> bug. On unloading and then reloading hid-ntrig I'm seeing calls during
> initialization to ntrig_event where field->hidinput is NULL and the
> claimed input flag is still set. It seems to me this behavior shouldn't
> happen and the check should be further up the stack.

Actually after thinking about it a little bit more, I don't think this
should be handled up the stack (i.e. in hid_process_event()) -- there
might be HID-bus drivers which would be interested in reports even if not
claimed by hid-input.

> Sorry about sending such a trivial patch repeatedly :/
> --- > drivers/hid/hid-ntrig.c | 15 ++++++++++++++- > 1 files changed, 14 insertions(+), 1 deletions(-) > > diff --git a/drivers/hid/hid-ntrig.c b/drivers/hid/hid-ntrig.c > index beb4034..a93e58c 100644 > --- a/drivers/hid/hid-ntrig.c > +++ b/drivers/hid/hid-ntrig.c
> @@ -539,8 +539,19 @@ static int ntrig_input_mapped(struct hid_device *hdev, struct hid_input *hi, > static int ntrig_event (struct hid_device *hid, struct hid_field *field, > struct hid_usage *usage, __s32 value) > { > - struct input_dev *input = field->hidinput->input; > struct ntrig_data *nd = hid_get_drvdata(hid); > + struct input_dev *input; > + > + /* Skip processing if not a claimed input */ > + if (!(hid->claimed & HID_CLAIMED_INPUT)) > + goto not_claimed_input; > + > + /* This function is being called before the structures are fully > + * initialized */ > + if(!(field->hidinput && field->hidinput->input)) > + return -EINVAL; > + > + input = field->hidinput->input;

But audit of other drivers which rely on HID_CLAIMED_INPUT flag should be
done, yes.

Applied, thanks.

--
Jiri Kosina
SUSE Labs, Novell Inc.
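
Review bot: In the added NULL check in ntrig_event(), `return -EINVAL` leaves the function by a different route than the HID_CLAIMED_INPUT check just above it, which jumps to `not_claimed_input`. The label's target is not in the quoted hunk, so it cannot be confirmed from here whether a NULL field->hidinput skips work that the unclaimed path still performs. Either send both cases to the same exit or state in the comment why a not-yet-initialized field is reported as an error rather than skipped. The comment over that check describes the symptom ("called before the structures are fully initialized") instead of what is being guarded; naming field->hidinput and field->hidinput->input there would make the intent clear to the next reader. Style: `if(!(` needs a space after `if`, matching the `if (!(` form used in the check above it.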