Re: [PATCH v2] HID: usbhid: fix out-of-bounds bug

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 28 Sep 2017, Jaejoong Kim wrote:

> The hid descriptor identifies the length and type of subordinate
> descriptors for a device. If the received hid descriptor is smaller than
> the size of the struct hid_descriptor, it is possible to cause
> out-of-bounds.
> 
> In addition, if bNumDescriptors of the hid descriptor have an incorrect
> value, this can also cause out-of-bounds while approaching hdesc->desc[n].
> 
> So check the size of hid descriptor and bNumDescriptors.

Applied to for-4.14/upstream-fixes. Thanks,

-- 
Jiri Kosina
SUSE Labs

--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux