]> www.infradead.org Git - users/jedix/linux-maple.git/commit
projects / users / jedix / linux-maple.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 3ff7b05) | patch
HID: debug: check length before copy_to_user()
authorDaniel Rosenberg <drosen@google.com>
Mon, 2 Jul 2018 23:59:37 +0000 (16:59 -0700)
committerBrian Maly <brian.maly@oracle.com>
Wed, 2 Jan 2019 17:53:25 +0000 (12:53 -0500)
commitfb7c4ce95e66b6dbbaab6bdac01b0d20e51b3b10
tree287e75d8aee13284f32e454bdead5876af5375c7tree
parent3ff7b0556f711e6213735fb9bc8fa8068204ce7bcommit | diff
HID: debug: check length before copy_to_user()

If our length is greater than the size of the buffer, we
overflow the buffer

Cc: stable@vger.kernel.org
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit 717adfdaf14704fd3ec7fa2c04520c0723247eac)
Orabug: 29128165
CVE: CVE-2018-9516
Signed-off-by: Somasundaram Krishnasamy <somasundaram.krishnasamy@oracle.com>
Reviewed-by: John.Donnelly <John.p.donnelly@oracle.com>
Signed-off-by: Brian Maly <brian.maly@oracle.com>
drivers/hid/hid-debug.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.