Commit 382145be authored by Johan Hovold's avatar Johan Hovold Committed by Greg Kroah-Hartman

greybus: hid: fix missing input verification of report events

Add minimal verification of incoming report size, before using it to
determine what buffer and size to pass on to HID core.

Add comment about protocol needing to be revisited. If we are going to
be parsing the report data received, then those fields have to be
defined in the Greybus specification at least.
Signed-off-by: default avatarJohan Hovold <johan@hovoldconsulting.com>
Reviewed-by: default avatarAlex Elder <elder@linaro.org>
Signed-off-by: default avatarGreg Kroah-Hartman <greg@kroah.com>
parent 36257f6b
...@@ -168,8 +168,12 @@ static void gb_hid_irq_handler(u8 type, struct gb_operation *op) ...@@ -168,8 +168,12 @@ static void gb_hid_irq_handler(u8 type, struct gb_operation *op)
return; return;
} }
/*
* FIXME: add report size to Greybus HID protocol if we need to parse
* it here.
*/
size = request->report[0] | request->report[1] << 8; size = request->report[0] | request->report[1] << 8;
if (!size) { if (size < 2 || size > op->request->payload_size - 2) {
dev_err(&connection->dev, "bad report size: %d\n", size); dev_err(&connection->dev, "bad report size: %d\n", size);
return; return;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment