ACK: [CVE-2017-7273][PATCH T] HID: hid-cypress: validate length of report
Stefan Bader
stefan.bader at canonical.com
Fri Jul 21 08:20:09 UTC 2017
On 19.07.2017 10:55, Po-Hsu Lin wrote:
> From: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
>
> CVE-2017-7273
>
> Make sure we have enough of a report structure to validate before
> looking at it.
>
> Reported-by: Benoit Camredon <benoit.camredon at airbus.com>
> Tested-by: Benoit Camredon <benoit.camredon at airbus.com>
> Cc: stable <stable at vger.kernel.org>
> Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
> Signed-off-by: Jiri Kosina <jkosina at suse.cz>
> (cherry picked from commit 1ebb71143758f45dc0fa76e2f48429e13b16d110)
> Signed-off-by: Po-Hsu Lin <po-hsu.lin at canonical.com>
Acked-by: Stefan Bader <stefan.bader at canonical.com>
> ---
> drivers/hid/hid-cypress.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/hid/hid-cypress.c b/drivers/hid/hid-cypress.c
> index c4ef3bc..e299576 100644
> --- a/drivers/hid/hid-cypress.c
> +++ b/drivers/hid/hid-cypress.c
> @@ -39,6 +39,9 @@ static __u8 *cp_report_fixup(struct hid_device *hdev, __u8 *rdesc,
> if (!(quirks & CP_RDESC_SWAPPED_MIN_MAX))
> return rdesc;
>
> + if (*rsize < 4)
> + return rdesc;
> +
> for (i = 0; i < *rsize - 4; i++)
> if (rdesc[i] == 0x29 && rdesc[i + 2] == 0x19) {
> __u8 tmp;
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20170721/7b28c258/attachment.sig>
More information about the kernel-team
mailing list