HID: hid-cypress: validate length of report

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Make sure we have enough of a report structure to validate before
looking at it.

Reported-by: Benoit Camredon <benoit.camredon@airbus.com>
Tested-by: Benoit Camredon <benoit.camredon@airbus.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>

authored by

Greg Kroah-Hartman and committed by

Jiri Kosina 9 years ago 1ebb7114 08f95726

1 changed file

expand all

drivers

hid

hid-cypress.c

drivers/hid/hid-cypress.c

··· 39 39 if (!(quirks & CP_RDESC_SWAPPED_MIN_MAX)) 40 40 return rdesc; 41 41 42 + if (*rsize < 4) 43 + return rdesc; 44 + 42 45 for (i = 0; i < *rsize - 4; i++) 43 46 if (rdesc[i] == 0x29 && rdesc[i + 2] == 0x19) { 44 47 rdesc[i] = 0x19;