hid: bigben_probe(): validate report count
bigben_probe() does not validate that the output report has the needed report values in the first field. A malicious device registering a report with one field and a single value causes an head OOB write in bigben_worker() when accessing report_field->value[1] to report_field->value[7]. Use hid_validate_values() which takes care of all the needed checks.

Fixes: 256a90ed ("HID: hid-bigbenff: driver for BigBen Interactive PS3OFMINIPAD gamepad")
Signed-off-by: Pietro Borrello <borrello@diag.uniroma1.it>
Link: https://lore.kernel.org/r/20230211-bigben-oob-v1-1-d2849688594c@diag.uniroma1.it
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
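
The check the commit message describes, as an added user-space example that is not code from the kernel or from this commit: a probe-time gate refuses any report whose first field carries fewer values than the worker later writes. The `model_*` names and structures are hypothetical stand-ins for the HID report types, and the sample reports are constructed.

```c
#include <stdio.h>

/* User-space stand-ins for the HID report structures (names are assumed). */
struct model_field  { unsigned report_count; int *value; };
struct model_report { unsigned maxfield; struct model_field **field; };

#define NEEDED_VALUES 8  /* the worker touches value[0] .. value[7] */

/* Return r only if field idx exists and carries at least count values. */
static struct model_report *model_validate_values(struct model_report *r,
                                                  unsigned idx, unsigned count)
{
    if (!r || idx >= r->maxfield || !r->field[idx])
        return NULL;
    if (r->field[idx]->report_count < count)
        return NULL;
    return r;
}

/* Probe-time gate: 0 if the report is usable, -1 to refuse the device. */
static int model_probe(struct model_report *r)
{
    return model_validate_values(r, 0, NEEDED_VALUES) ? 0 : -1;
}

/* Worker: only safe to run on a report that passed model_probe(). */
static void model_worker(struct model_report *r)
{
    for (int i = 0; i < NEEDED_VALUES; i++)
        r->field[0]->value[i] = i + 1;
}

/* Constructed sample: bind a report declaring n values; returns probe result. */
static int model_bind(unsigned n)
{
    int values[NEEDED_VALUES] = {0};
    struct model_field f = { n, values };
    struct model_field *fields[1] = { &f };
    struct model_report r = { 1, fields };
    int rc = model_probe(&r);
    if (rc == 0)
        model_worker(&r);   /* reached only when all 8 slots exist */
    return rc;
}

int main(void)
{
    printf("1 value: %d, 8 values: %d\n", model_bind(1), model_bind(8));
    return 0;
}
```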