Commit 362f2153 authored by Deepak Sharma's avatar Deepak Sharma Committed by Jiri Kosina
Browse files

HID: cp2112: Add parameter validation to data length 



Syzkaller reported a stack OOB access in cp2112_write_req caused by lack
of parameter validation for the user input in I2C SMBUS ioctl in cp2112
driver

Add the parameter validation for the data->block[0] to be bounded by
I2C_SMBUS_BLOCK_MAX + the additional compatibility padding

[jkosina@suse.com: fix whitespace damage]
Reported-by: default avatar <syzbot+7617e19c8a59edfbd879@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=7617e19c8a59edfbd879


Tested-by: default avatar <syzbot+7617e19c8a59edfbd879@syzkaller.appspotmail.com>
Signed-off-by: default avatarDeepak Sharma <deepak.sharma.472935@gmail.com>
Signed-off-by: default avatarJiri Kosina <jkosina@suse.com>
parent 50f1f782
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment