Re: [RESEND] HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report

[Lee Jones]

On Mon, 12 Sep 2022, Silvan Jegen wrote:

> Hi
> 
> Lee Jones <lee@xxxxxxxxxx> wrote:
> > On Wed, 03 Aug 2022, Lee Jones wrote:
> > 
> > > It is possible for a malicious device to forgo submitting a Feature
> > > Report.  The HID Steam driver presently makes no prevision for this
> > > and de-references the 'struct hid_report' pointer obtained from the
> > > HID devices without first checking its validity.  Let's change that.
> > 
> > This patch has been floating around since the beginning of July.
> > 
> > It fixes a real issue which was found by creating a virtual
> > (software based) malicious device and registering it as a HID device.
> > 
> > There is nothing preventing a real attacker from creating a H/W
> > version of the device in order to instigate an out-of-bounds read,
> > potentially leading to a data leak.
> > 
> > Would someone be kind enough to review please?
> 
> AFACT this patch has been applied by Jiri on the 25th of August already.

Ah, I missed his reply to the original patch.

> Is a review still needed in this case?

Certainly not.  Thank you for your reply.

-- 
Lee Jones [李琼斯]