git.baikalelectronics.ru Git - kernel.git/commit

author	Marc Zyngier <maz@kernel.org>
	Tue, 1 Sep 2020 09:52:33 +0000 (10:52 +0100)
committer	Benjamin Tissoires <benjamin.tissoires@gmail.com>
	Tue, 1 Sep 2020 10:06:41 +0000 (12:06 +0200)
commit	7358fd2f7f19f59020193385802e679a31c01918
tree	cb19655e11b5f8113b444b5685ffc5b9372d5046	tree \| snapshot
parent	274fe77d5c83c5c0525889efe7ff92974ef6cb57	commit \| diff

HID: core: Sanitize event code and type when mapping input

When calling into hid_map_usage(), the passed event code is
blindly stored as is, even if it doesn't fit in the associated bitmap.

This event code can come from a variety of sources, including devices
masquerading as input devices, only a bit more "programmable".

Instead of taking the event code at face value, check that it actually
fits the corresponding bitmap, and if it doesn't:
- spit out a warning so that we know which device is acting up
- NULLify the bitmap pointer so that we catch unexpected uses

Code paths that can make use of untrusted inputs can now check
that the mapping was indeed correct and bail out if not.

Cc: stable@vger.kernel.org
Signed-off-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>

drivers/hid/hid-input.c		diff \| blob \| history
drivers/hid/hid-multitouch.c		diff \| blob \| history
include/linux/hid.h		diff \| blob \| history