lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAL-gK7f5=R0nrrQdPtaZZr1fd-cdAMbDMuZ_NLA8vM0SX+nGSw@mail.gmail.com>
Date: Mon, 4 Nov 2024 16:30:53 -0800
From: Nolan Nicholson <nolananicholson@...il.com>
To: stable@...r.kernel.org
Cc: jikos@...nel.org, bentiss@...nel.org, linux-usb@...r.kernel.org, 
	linux-input@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: hid-pidff.c: null-pointer deref if optional HID reports are not present

Hello,

(This is my first time reporting a Linux bug; please accept my apologies
for any mistakes in the process.)

When initializing a HID PID device, hid-pidff.c checks for eight required
HID reports and five optional reports. If the eight required reports are
present, the hid_pidff_init() function then attempts to find the necessary
fields in each required or optional report, using the pidff_find_fields()
function. However, if any of the five optional reports is not present,
pidff_find_fields() will trigger a null-pointer dereference.

I recently implemented the descriptors for a USB HID device with PID
force-feedback capability. After implementing the required report
descriptors but not the optional ones, I got an OOPS from the
pidff_find_fields function. I saved the OOPS from my Ubuntu installation,
and have attached it here. I later reproduced the issue on 6.11.6.

I was able to work around the issue by having my device present all of the
optional report descriptors as well as all of the required ones.

Thank you,
Nolan Nicholson

Content of type "text/html" skipped

View attachment "hid_pidff_oops.txt" of type "text/plain" (8683 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ