Skip to content

L
linux
Commit 79a9b4b6 authored by Herbert Xu's avatar Herbert Xu Committed by Vojtech Pavlik
Browse files
Options

input: Fix boundary checks for GUSAGE/SUSAGE in hiddev. 

Signed-off-by: default avatarVojtech Pavlik <vojtech@suse.cz>
parent ccbcf771
Hide whitespace changes
Inline Side-by-side
Showing with 13 additions and 7 deletions
drivers/usb/input/hiddev.c
View file @ 79a9b4b6
...@@ -638,16 +638,22 @@ static int hiddev_ioctl(struct inode *inode, struct file *file, unsigned int cmd ...@@ -638,16 +638,22 @@ static int hiddev_ioctl(struct inode *inode, struct file *file, unsigned int cmd
goto inval; goto inval;
field = report->field[uref->field_index]; field = report->field[uref->field_index];
if (uref->usage_index >= field->maxusage)
goto inval;
if (cmd == HIDIOCGUSAGES || cmd == HIDIOCSUSAGES) { if (cmd == HIDIOCGCOLLECTIONINDEX) {
if (uref_multi->num_values >= HID_MAX_MULTI_USAGES || if (uref->usage_index >= field->maxusage)
uref->usage_index >= field->maxusage ||
(uref->usage_index + uref_multi->num_values) >= field->maxusage)
goto inval; goto inval;
} else if (uref->usage_index >= field->report_count)
goto inval;
else if ((cmd == HIDIOCGUSAGES ||
cmd == HIDIOCSUSAGES) &&
(uref->usage_index + uref_multi->num_values >=
field->report_count ||
uref->usage_index + uref_multi->num_values <
uref->usage_index))
goto inval;
} }
}
switch (cmd) { switch (cmd) {
case HIDIOCGUSAGE: case HIDIOCGUSAGE:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7