• Alan Stern's avatar
    HID: Fix assumption that devices have inputs · d9d4b1e4
    Alan Stern authored
    The syzbot fuzzer found a slab-out-of-bounds write bug in the hid-gaff
    driver.  The problem is caused by the driver's assumption that the
    device must have an input report.  While this will be true for all
    normal HID input devices, a suitably malicious device can violate the
    assumption.
    
    The same assumption is present in over a dozen other HID drivers.
    This patch fixes them by checking that the list of hid_inputs for the
    hid_device is nonempty before allowing it to be used.
    
    Reported-and-tested-by: syzbot+403741a091bf41d4ae79@syzkaller.appspotmail.com
    Signed-off-by: default avatarAlan Stern <stern@rowland.harvard.edu>
    CC: <stable@vger.kernel.org>
    Signed-off-by: default avatarBenjamin Tissoires <benjamin.tissoires@redhat.com>
    d9d4b1e4
hid-lg2ff.c 2.19 KB