[PATCH 17/47] Fix boundary checks for GUSAGE/SUSAGE in hiddev.
From: Vojtech Pavlik
Date: Thu Jul 29 2004 - 14:07:53 EST
You can pull this changeset from:
bk://kernel.bkbits.net/vojtech/input
===================================================================
ChangeSet@xxxxxxxxxxxx, 2004-06-06 11:37:43+02:00, herbert@xxxxxxxxxxxxxxxxxxx
input: Fix boundary checks for GUSAGE/SUSAGE in hiddev.
Signed-off-by: Vojtech Pavlik <vojtech@xxxxxxx>
hiddev.c | 20 +++++++++++++-------
1 files changed, 13 insertions(+), 7 deletions(-)
===================================================================
diff -Nru a/drivers/usb/input/hiddev.c b/drivers/usb/input/hiddev.c
--- a/drivers/usb/input/hiddev.c Thu Jul 29 14:41:02 2004
+++ b/drivers/usb/input/hiddev.c Thu Jul 29 14:41:02 2004
@@ -638,16 +638,22 @@
goto inval;
field = report->field[uref->field_index];
- if (uref->usage_index >= field->maxusage)
- goto inval;
- if (cmd == HIDIOCGUSAGES || cmd == HIDIOCSUSAGES) {
- if (uref_multi->num_values >= HID_MAX_MULTI_USAGES ||
- uref->usage_index >= field->maxusage ||
- (uref->usage_index + uref_multi->num_values) >= field->maxusage)
+ if (cmd == HIDIOCGCOLLECTIONINDEX) {
+ if (uref->usage_index >= field->maxusage)
goto inval;
+ } else if (uref->usage_index >= field->report_count)
+ goto inval;
+
+ else if ((cmd == HIDIOCGUSAGES ||
+ cmd == HIDIOCSUSAGES) &&
+ (uref->usage_index + uref_multi->num_values >=
+ field->report_count ||
+ uref->usage_index + uref_multi->num_values <
+ uref->usage_index))
+ goto inval;
+
}
- }
switch (cmd) {
case HIDIOCGUSAGE:
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/