HID: Fix assumption that devices have inputs (d092ff2b) · Commits · Bryan O'Donoghue / Kernel

Commit d092ff2b authored 5 years ago by Alan Stern Committed by Todd Kjos 5 years ago

HID: Fix assumption that devices have inputs


commit d9d4b1e4 upstream.

The syzbot fuzzer found a slab-out-of-bounds write bug in the hid-gaff
driver.  The problem is caused by the driver's assumption that the
device must have an input report.  While this will be true for all
normal HID input devices, a suitably malicious device can violate the
assumption.

The same assumption is present in over a dozen other HID drivers.
This patch fixes them by checking that the list of hid_inputs for the
hid_device is nonempty before allowing it to be used.

Reported-and-tested-by:  <syzbot+403741a091bf41d4ae79@syzkaller.appspotmail.com>
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: <stable@vger.kernel.org>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 797c81f6

Hide whitespace changes

Inline Side-by-side

Showing with 108 additions and 32 deletions

Please register or to comment