On Wed, Sep 4, 2013 at 6:37 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote: > These patches introduce a validation function for HID devices that do > direct report value accesses, solving a number of heap smashing flaws. > > This version changes to using an field-index-based checker for the new > "hid_validate_values()" which requires callers to loop across fields if > they use more than one field. I am globally happy with the patch series. I have some concerns about patches 4 6 and 7, but the other can be applied right now. Kees, if you want to switch to something else, I can handle the v3 for these three patches: I have some logitech-dj devices and a tester for the lenovo one. Cheers, Benjamin > > -Kees > > -- > To unsubscribe from this list: send the line "unsubscribe linux-input" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe linux-input" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
