lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <727o0521-q24p-s0qq-66n0-sn436rpqqr1p@xreary.bet>
Date: Thu, 24 Apr 2025 11:31:49 +0200 (CEST)
From: Jiri Kosina <jikos@...nel.org>
To: Terry Junge <linuxhid@...micgizmosystems.com>
cc: Benjamin Tissoires <bentiss@...nel.org>, 
    Greg Kroah-Hartman <gregkh@...uxfoundation.org>, 
    Nikita Zhandarovich <n.zhandarovich@...tech.ru>, 
    Alan Stern <stern@...land.harvard.edu>, Kees Cook <kees@...nel.org>, 
    "Gustavo A. R. Silva" <gustavoars@...nel.org>, linux-input@...r.kernel.org, 
    linux-usb@...r.kernel.org, linux-hyperv@...r.kernel.org, 
    linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org, 
    syzkaller-bugs@...glegroups.com, lvc-project@...uxtesting.org, 
    syzbot+c52569baf0c843f35495@...kaller.appspotmail.com, 
    stable@...r.kernel.org
Subject: Re: [PATCH v2] HID: usbhid: Eliminate recurrent out-of-bounds bug
 in usbhid_parse()

On Wed, 12 Mar 2025, Terry Junge wrote:

> Update struct hid_descriptor to better reflect the mandatory and
> optional parts of the HID Descriptor as per USB HID 1.11 specification.
> Note: the kernel currently does not parse any optional HID class
> descriptors, only the mandatory report descriptor.
> 
> Update all references to member element desc[0] to rpt_desc.
> 
> Add test to verify bLength and bNumDescriptors values are valid.
> 
> Replace the for loop with direct access to the mandatory HID class
> descriptor member for the report descriptor. This eliminates the
> possibility of getting an out-of-bounds fault.
> 
> Add a warning message if the HID descriptor contains any unsupported
> optional HID class descriptors.
> 
> Reported-by: syzbot+c52569baf0c843f35495@...kaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=c52569baf0c843f35495
> Fixes: f043bfc98c19 ("HID: usbhid: fix out-of-bounds bug")
> Cc: stable@...r.kernel.org
> Signed-off-by: Terry Junge <linuxhid@...micgizmosystems.com>

Applied, thanks.

-- 
Jiri Kosina
SUSE Labs

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ