lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 11 Feb 2020 09:54:05 -0500 (EST)
From:   Alan Stern <stern@...land.harvard.edu>
To:     peter enderborg <peter.enderborg@...y.com>
cc:     Johan Korsnes <jkorsnes@...co.com>, Jiri Kosina <jikos@...nel.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Kernel development list <linux-kernel@...r.kernel.org>,
        <stable@...r.kernel.org>
Subject: Re: [PATCH] HID: Extend report buffer size

On Tue, 11 Feb 2020, peter enderborg wrote:

> On 2/10/20 4:01 PM, Alan Stern wrote:
> > On Mon, 10 Feb 2020, Peter Enderborg wrote:
> >
> >> In the patch "HID: Fix slab-out-of-bounds read in hid_field_extract"
> >> there added a check for buffer overruns. This made Elgato StreamDeck
> >> to fail. This patch extend the buffer to 8192 to solve this. It also
> >> adds a print of the requested length if it fails on this test.
> >>
> >> Signed-off-by: Peter Enderborg <peter.enderborg@...y.com>
> >> ---
> >>  drivers/hid/hid-core.c | 2 +-
> >>  include/linux/hid.h    | 2 +-
> >>  2 files changed, 2 insertions(+), 2 deletions(-)
> >>
> >> diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
> >> index 851fe54ea59e..28841219b3d2 100644
> >> --- a/drivers/hid/hid-core.c
> >> +++ b/drivers/hid/hid-core.c
> >> @@ -290,7 +290,7 @@ static int hid_add_field(struct hid_parser *parser, unsigned report_type, unsign
> >>  
> >>  	/* Total size check: Allow for possible report index byte */
> >>  	if (report->size > (HID_MAX_BUFFER_SIZE - 1) << 3) {
> >> -		hid_err(parser->device, "report is too long\n");
> >> +		hid_err(parser->device, "report is too long (%d)\n", report->size);
> >>  		return -1;
> >>  	}
> >>  
> >> diff --git a/include/linux/hid.h b/include/linux/hid.h
> >> index cd41f209043f..875f71132b14 100644
> >> --- a/include/linux/hid.h
> >> +++ b/include/linux/hid.h
> >> @@ -492,7 +492,7 @@ struct hid_report_enum {
> >>  };
> >>  
> >>  #define HID_MIN_BUFFER_SIZE	64		/* make sure there is at least a packet size of space */
> >> -#define HID_MAX_BUFFER_SIZE	4096		/* 4kb */
> >> +#define HID_MAX_BUFFER_SIZE	8192		/* 8kb */
> >>  #define HID_CONTROL_FIFO_SIZE	256		/* to init devices with >100 reports */
> >>  #define HID_OUTPUT_FIFO_SIZE	64
> > The second part of this patch is identical to the "HID: core: increase
> > HID report buffer size to 8KiB" patch submitted by Johan Korsnes a few
> > weeks ago.  You might want to submit just the first part of your patch,
> > or not submit anything at all.
> >
> > Alan Stern
> >
> >
> Korsnes patch is not in Torvalds tree nor is it requested for stable. How do we get it there?

Bring the whole matter to Jiri's attention.  He is the person who will
take care of it.

Alan Stern

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ