tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Input: check keycodesize when adjusting keymaps

When changing key mappings we need to make sure that the new
keycode value can be stored in dev->keycodesize bytes.

Signed-off-by: Vojtech Pavlik <vojtech@suse.cz>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>

authored by

Vojtech Pavlik and committed by
Dmitry Torokhov 5ac7ba3f 463a4f76

+3 -2
+2 -2
drivers/char/keyboard.c
··· 198 198 199 199 if (scancode >= dev->keycodemax) 200 200 return -EINVAL; 201 - if (keycode > KEY_MAX) 202 - return -EINVAL; 203 201 if (keycode < 0 || keycode > KEY_MAX) 202 + return -EINVAL; 203 + if (keycode >> (dev->keycodesize * 8)) 204 204 return -EINVAL; 205 205 206 206 oldkey = SET_INPUT_KEYCODE(dev, scancode, keycode);
+1
drivers/input/evdev.c
··· 320 320 if (t < 0 || t >= dev->keycodemax || !dev->keycodesize) return -EINVAL; 321 321 if (get_user(v, ip + 1)) return -EFAULT; 322 322 if (v < 0 || v > KEY_MAX) return -EINVAL; 323 + if (v >> (dev->keycodesize * 8)) return -EINVAL; 323 324 u = SET_INPUT_KEYCODE(dev, t, v); 324 325 clear_bit(u, dev->keybit); 325 326 set_bit(v, dev->keybit);