diff options
author | Dongliang Mu <mudongliangabcd@gmail.com> | 2022-05-06 10:24:25 +0300 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2022-06-09 11:20:54 +0300 |
commit | 296f8ca0f73f5268cd9b85cf72ff783596b2264e (patch) | |
tree | bc51ab398f196a89f1247af74716992315090124 /drivers/hid/hid-bigbenff.c | |
parent | 3ee67465f7115cea05e8ef59840a3529b5911fa4 (diff) | |
download | linux-296f8ca0f73f5268cd9b85cf72ff783596b2264e.tar.xz |
HID: bigben: fix slab-out-of-bounds Write in bigben_probe
[ Upstream commit fc4ef9d5724973193bfa5ebed181dba6de3a56db ]
There is a slab-out-of-bounds Write bug in hid-bigbenff driver.
The problem is the driver assumes the device must have an input but
some malicious devices violate this assumption.
Fix this by checking hid_device's input is non-empty before its usage.
Reported-by: syzkaller <syzkaller@googlegroups.com>
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'drivers/hid/hid-bigbenff.c')
-rw-r--r-- | drivers/hid/hid-bigbenff.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/drivers/hid/hid-bigbenff.c b/drivers/hid/hid-bigbenff.c index 74ad8bf98bfd..e8c5e3ac9fff 100644 --- a/drivers/hid/hid-bigbenff.c +++ b/drivers/hid/hid-bigbenff.c @@ -347,6 +347,12 @@ static int bigben_probe(struct hid_device *hid, bigben->report = list_entry(report_list->next, struct hid_report, list); + if (list_empty(&hid->inputs)) { + hid_err(hid, "no inputs found\n"); + error = -ENODEV; + goto error_hw_stop; + } + hidinput = list_first_entry(&hid->inputs, struct hid_input, list); set_bit(FF_RUMBLE, hidinput->input->ffbit); |