HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands
Orabug: 24798688
CVE: CVE-2016-5829
This patch validates the num_values parameter from userland during the
HIDIOCGUSAGES and HIDIOCSUSAGES commands. Previously, if the report id was set
to HID_REPORT_ID_UNKNOWN, we would fail to validate the num_values parameter,
leading to a heap overflow.
Cc: stable@vger.kernel.org
Signed-off-by: Scott Bauer <sbauer@plzdonthack.me>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit 93a2001bdfd5376c3dc2158653034c20392d15c5)
Signed-off-by: Brian Maly <brian.maly@oracle.com>
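
The control-flow gap the commit message describes, as a simplified user-space model. This is an added example, not the kernel patch or driver code. The struct, the function names and the 1024-entry limit are assumptions standing in for the driver's own definitions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_MULTI_USAGES 1024u  /* assumed capacity of the values[] buffer */

/* Constructed stand-in for the multi-usage request copied from userland. */
struct usage_req {
    bool     report_id_unknown; /* report id == HID_REPORT_ID_UNKNOWN */
    uint32_t usage_index;       /* first slot to read or write */
    uint32_t num_values;        /* slot count, fully caller-controlled */
};

/* Range check used by both variants; ordered so the subtraction cannot wrap. */
static bool range_ok(const struct usage_req *r, uint32_t report_count)
{
    return r->num_values <= MAX_MULTI_USAGES &&
           r->usage_index <= report_count &&
           r->num_values <= report_count - r->usage_index;
}

/* "Before": validation sits only on the known-report-id branch. */
bool accept_before(const struct usage_req *r, uint32_t report_count)
{
    if (r->report_id_unknown)
        return true;            /* lookup branch: num_values never checked */
    return range_ok(r, report_count);
}

/* "After": validation runs once the field is resolved, whichever branch did it. */
bool accept_after(const struct usage_req *r, uint32_t report_count)
{
    return range_ok(r, report_count);
}

int main(void)
{
    /* Constructed request: unknown report id, oversized num_values. */
    struct usage_req bad = { true, 0, 5000 };
    printf("before=%d after=%d\n", accept_before(&bad, 8), accept_after(&bad, 8));
    return 0;
}
```
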