HID: fix incorrent length condition in hidraw_write()

The bound check on the buffer length if (count > HID_MIN_BUFFER_SIZE) is of course incorrent, the proper check is if (count > HID_MAX_BUFFER_SIZE) Fix it. Reported-by: Jerry Ryle <jerry@mindtribe.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>

HID: fix incorrent length condition in hidraw_write()
The bound check on the buffer length if (count > HID_MIN_BUFFER_SIZE) is of course incorrent, the proper check is if (count > HID_MAX_BUFFER_SIZE) Fix it. Reported-by: Jerry Ryle <jerry@mindtribe.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2b107d62 · Jiri Kosina · d92870dd · 2b107d62
Commit 2b107d62 authored Sep 17, 2008 by Jiri Kosina
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

drivers/hid/hidraw.c drivers/hid/hidraw.c +1 -1

No files found.
--- a/drivers/hid/hidraw.c
+++ b/drivers/hid/hidraw.c
@@ -113,7 +113,7 @@ static ssize_t hidraw_write(struct file *file, const char __user *buffer, size_t
 	if (!dev->hid_output_raw_report)
 		return -ENODEV;

-	if (count > HID_MIN_BUFFER_SIZE) {
+	if (count > HID_MAX_BUFFER_SIZE) {
 		printk(KERN_WARNING "hidraw: pid %d passed too large report\n",
 				task_pid_nr(current));
 		return -EINVAL;