From: Marc Zyngier <maz@kernel.org>
To: Dmitry Torokhov <dmitry.torokhov@gmail.com>,
Jiri Kosina <jikos@kernel.org>,
Benjamin Tissoires <benjamin.tissoires@redhat.com>
Cc: linux-input@vger.kernel.org, linux-kernel@vger.kernel.org,
stable@vger.kernel.org
Subject: [PATCH 0/2] input/hid: Fix bitmap boundary validation
Date: Mon, 17 Aug 2020 12:26:58 +0100 [thread overview]
Message-ID: <20200817112700.468743-1-maz@kernel.org> (raw)
It recently became apparent that some of the low-level input and hid
helpers lack some form of input validation when associating an event
code with their internal capability bitmap, leading to potential
memory corruption.
These two patches address two occurrences of that issue, by masking
out the top bits of the event code (all capability bitmaps are
conveniently sized as power of twos), and spitting out a warning for
further debugging.
Marc Zyngier (2):
Input; Sanitize event code before modifying bitmaps
HID: core; Sanitize event code and type before mapping input
drivers/input/input.c | 16 +++++++++++++++-
include/linux/hid.h | 19 +++++++++++++++----
2 files changed, 30 insertions(+), 5 deletions(-)
--
2.27.0
next reply other threads:[~2020-08-17 11:27 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-17 11:26 Marc Zyngier [this message]
2020-08-17 11:26 ` [PATCH 1/2] Input; Sanitize event code before modifying bitmaps Marc Zyngier
2020-08-24 19:51 ` Dmitry Torokhov
2020-08-26 13:32 ` Marc Zyngier
2020-08-17 11:27 ` [PATCH 2/2] HID: core; Sanitize event code and type before mapping input Marc Zyngier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200817112700.468743-1-maz@kernel.org \
--to=maz@kernel.org \
--cc=benjamin.tissoires@redhat.com \
--cc=dmitry.torokhov@gmail.com \
--cc=jikos@kernel.org \
--cc=linux-input@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.