-
Michael Zaidman authored
The FT260 is not supposed to generate unexpected HID reports. However, in theory, the unsolicited HID Input reports can be issued by a specially crafted malicious USB device masquerading as FT260 when the attacker has physical access to the USB port. In this case, the read_buf pointer points to the final data portion of the previous I2C Read transfer, and the memcpy invoked in the ft260_raw_event() will try copying the content of the unexpected report into the wrong location. This commit sets the Read buffer pointer to NULL on the I2C Read transaction completion and checks it in the ft260_raw_event() to detect and skip the unsolicited Input report. Reported-by:
Enrik Berkhan <Enrik.Berkhan@inka.de> Signed-off-by:
Michael Zaidman <michael.zaidman@gmail.com> Signed-off-by:
Jiri Kosina <jkosina@suse.cz>
b7121e3c
