| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 5 May 2021 14:33:02 +0200 (CEST)
From: Jiri Kosina <jikos@...nel.org>
To: Michael Zaidman <michael.zaidman@...il.com>
cc: dan.carpenter@...cle.com, benjamin.tissoires@...hat.com,
wsa@...nel.org, linux-kernel@...r.kernel.org,
linux-input@...r.kernel.org, linux-i2c@...r.kernel.org
Subject: Re: [PATCH] HID: ft260: check data size in ft260_smbus_write()
On Tue, 13 Apr 2021, Michael Zaidman wrote:
> Fixes: 98189a0adfa0 ("HID: ft260: add usb hid to i2c host bridge driver")
>
> The SMbus block transaction limits the number of bytes transferred to 32,
> but nothing prevents a user from specifying via ioctl a larger data size
> than the ft260 can handle in a single transfer.
>
> i2cdev_ioctl_smbus()
> --> i2c_smbus_xfer
> --> __i2c_smbus_xfer
> --> ft260_smbus_xfer
> --> ft260_smbus_write
>
> This patch adds data size checking in the ft260_smbus_write().
>
> Signed-off-by: Michael Zaidman <michael.zaidman@...il.com>
> Reported-by: Dan Carpenter <dan.carpenter@...cle.com>
I have moved the 'Fixes:' tag to place where it belongs, and applied.
Thanks,
--
Jiri Kosina
SUSE Labs
Powered by blists - more mailing lists