| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 7 Feb 2020 10:22:16 -0500 (EST)
From: Alan Stern <stern@...land.harvard.edu>
To: "Enderborg, Peter" <Peter.Enderborg@...y.com>
cc: Jiri Kosina <jikos@...nel.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"stable@...r.kernel.org" <stable@...r.kernel.org>
Subject: Re: [PATCH 5.4 17/78] HID: Fix slab-out-of-bounds read in
hid_field_extract (Broken!)
On Fri, 7 Feb 2020, Enderborg, Peter wrote:
> On 2/6/20 4:14 PM, Alan Stern wrote:
> > I guess you have to unbind the device from the usbhid driver first in
> > order for lsusb to get them. Can you do that?
> >
> > Alan Stern
> >
> Im not sure exatly what you need to unbind. But I assume this is what you want:
>
> lsusb -v -d 0fd9:0060
Yes, that's it. Most of the reports have:
> Item(Global): Report Size, data= [ 0x08 ] 8
> Item(Global): Report Count, data= [ 0x10 ] 16
which means they are 16 bytes long. But one report has:
> Item(Global): Report Size, data= [ 0x08 ] 8
> Item(Global): Report Count, data= [ 0xfe 0x1f ] 8190
meaning it is 8190 bytes long (plus one byte for the report ID).
Therefore setting the maximum buffer size to 8192 should allow this
device to work properly, with no other changes needed.
Alan Stern
Powered by blists - more mailing lists