Seth/kernel_amazon_mt8127-common
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cm-14.1
kernel_amazon_mt8127-common/drivers/hid/usbhid
T
History
Scott Bauer ba293572f4 HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands 
commit 93a2001bdfd5376c3dc2158653034c20392d15c5 upstream.

This patch validates the num_values parameter from userland during the
HIDIOCGUSAGES and HIDIOCSUSAGES commands. Previously, if the report id was set
to HID_REPORT_ID_UNKNOWN, we would fail to validate the num_values parameter
leading to a heap overflow.

CVE-2016-5829

Cc: stable@vger.kernel.org
Signed-off-by: Scott Bauer <sbauer@plzdonthack.me>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Chas Williams <ciwillia@brocade.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
2016-08-21 23:22:37 +02:00
..
hid-core.c
HID: usbhid: fix inconsistent reset/resume/reset-resume behavior
2016-06-07 10:42:50 +02:00
hid-pidff.c
HID: use hid_hw_wait() instead of direct call to usbhid
2013-02-25 13:26:41 +01:00
hid-quirks.c
HID: Add a new id 0x501a for Genius MousePen i608X
2015-01-16 06:59:01 -08:00
hiddev.c
HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands
2016-08-21 23:22:37 +02:00
Kconfig
HID: Fix the generic Kconfig options
2012-06-25 17:25:00 +02:00
Makefile
HID: usbhid: Clean up makefile (-y instead of -objs)
2010-11-18 10:43:18 +01:00
usbhid.h
HID: use hid_hw_wait() instead of direct call to usbhid
2013-02-25 13:26:41 +01:00
usbkbd.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid
2012-01-10 10:48:28 -08:00
usbmouse.c
USB: usbmouse.c: remove err() usage
2012-04-25 14:48:20 -07:00