On Sat, 31 Aug 2013, Bruno Prémont wrote: > Hi Kees, Jiri, > > On Wed, 28 August 2013 Jiri Kosina <jkosina@xxxxxxx> wrote: > > From: Kees Cook <keescook@xxxxxxxxxxxx> > > > > A HID device could send a malicious output report that would cause the > > picolcd HID driver to trigger a NULL dereference during attr file writing. > > > > CVE-2013-2899 > > > > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> > > Cc: stable@xxxxxxxxxx > > --- > > drivers/hid/hid-picolcd_core.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/drivers/hid/hid-picolcd_core.c b/drivers/hid/hid-picolcd_core.c > > index b48092d..72bba1e 100644 > > --- a/drivers/hid/hid-picolcd_core.c > > +++ b/drivers/hid/hid-picolcd_core.c > > @@ -290,7 +290,7 @@ static ssize_t picolcd_operation_mode_store(struct device *dev, > > buf += 10; > > cnt -= 10; > > } > > - if (!report) > > + if (!report || report->maxfield < 1) > > Please do > + if (!report || report->maxfield != 1) > > That way we are consistent with whole picolcd driver and a device > deciding to change its HID-ABI will be properly detected. > > With that adjustment, Acked-by/Reviewed-by me Applied with that adjustment. Thanks, -- Jiri Kosina SUSE Labs -- To unsubscribe from this list: send the line "unsubscribe linux-input" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
