On Mon, Sep 9, 2013 at 6:48 AM, Benjamin Tissoires <benjamin.tissoires@xxxxxxxxx> wrote:
> On Wed, Sep 4, 2013 at 6:37 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>> These patches introduce a validation function for HID devices that do
>> direct report value accesses, solving a number of heap smashing flaws.
>>
>> This version changes to using a field-index-based checker for the new
>> "hid_validate_values()" which requires callers to loop across fields if
>> they use more than one field.
>
> I am globally happy with the patch series.
> I have some concerns about patches 4, 6 and 7, but the others can be
> applied right now.
>
> Kees, if you want to switch to something else, I can handle the v3 for
> these three patches: I have some logitech-dj devices and a tester for
> the lenovo one.

That would be fantastic, thank you. I don't have any tools to test
these in the "expected" case. :)

-Kees

--
Kees Cook
Chrome OS Security