lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 28 Jul 2018 15:53:51 -0400
From:   John S Gruber <JohnSGruber@...il.com>
To:     Jiri Kosina <jikos@...nel.org>,
        Robert Munteanu <rombert@...che.org>,
        linux-input@...r.kernel.org, benjamin.tissoires@...hat.com,
        dmitry.torokhov@...il.com, linux-kernel@...r.kernel.org,
        JohnSGruber@...il.com
Subject: [PATCH 2/2] HID: redragon Add additional verification to rdesc
 modification quirk

There are many devices using the vendor_id 0c45 and device_id of 760b
combination. Also the two bytes 0x81 0x00 aren't rare for a report
description. For these reasons the report description being altered
by the quirk should be verified more completely

If I'm understanding this correctly, I believe for an array field the
report_size should be greater or equal to
ceil(log2(usage_maximum - usage_minimum + 1)). That's 3 bits for these 8
shift keys, 0xe0-0xe7. Therefore the incorrect report description can't
be valid for any device.

Check the actual count of the rdesc and compare the entire field
description to reduce the chance of patching the wrong thing by
inadvertence.

Signed-off-by: John S Gruber <JohnSGruber@...il.com>
---
 drivers/hid/hid-redragon.c | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/drivers/hid/hid-redragon.c b/drivers/hid/hid-redragon.c
index 85a5fbb..6e506cb 100644
--- a/drivers/hid/hid-redragon.c
+++ b/drivers/hid/hid-redragon.c
@@ -18,6 +18,21 @@

 #include "hid-ids.h"

+static __u8 asura_redragon_badfield[] = {
+	0x05, 0x01,	/* Usage Page (GenericDesktop)		*/
+	0x09, 0x06,	/* Usage (Keyboard)			*/
+	0xa1, 0x01,	/* Collection (Application)		*/
+	0x85, 0x04,	/* Report ID (4)			*/
+	0x05, 0x07,	/* Usage Page (Keyboard)		*/
+	0x19, 0xe0,	/* Usage Minimum (0xe0) Left Control	*/
+	0x29, 0xe7,	/* Usage Maximum (0xe7) Right GUI	*/
+	0x15, 0x00,	/* Logical Minimum (0)			*/
+	0x25, 0x01,	/* Logical Maximum (1)			*/
+	0x75, 0x01,	/* Report Size (1)			*/
+	0x95, 0x08,	/* Report Count(8)			*/
+	0x81, 0x00	/* Input Array [Should be Input Var]	*/
+};
+

 /*
  * The Redragon Asura keyboard sends an incorrect HID descriptor.
@@ -36,7 +51,9 @@
 static __u8 *redragon_report_fixup(struct hid_device *hdev, __u8 *rdesc,
 	unsigned int *rsize)
 {
-	if (*rsize >= 102 && rdesc[100] == 0x81 && rdesc[101] == 0x00) {
+	if (*rsize == 169 &&
+			memcmp(&rdesc[78], asura_redragon_badfield,
+			sizeof(asura_redragon_badfield)) == 0) {
 		dev_info(&hdev->dev, "Fixing Redragon ASURA report descriptor.\n");
 		rdesc[101] = 0x02;
 	}
-- 
1.9.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ