Hi Kees,
I would be curious to have the HID report descriptors (maybe off list)
to understand how things can be that bad.
On overall, I'd prefer all those checks to be in hid-core so that we
have the guarantee that we don't have to open a new CVE each time a
specific hid driver do not check for
On Wed, 28 Aug 2013, Jiri Kosina wrote:
From: Kees Cook keesc...@chromium.org
The Report ID field of a HID report is used to build indexes of
reports. The kernel's index of these is limited to 256 entries, so any
malicious device that sets a Report ID greater than 255 will trigger
memory
On Thu, Aug 29, 2013 at 11:03 AM, Jiri Kosina jkos...@suse.cz wrote:
On Wed, 28 Aug 2013, Jiri Kosina wrote:
From: Kees Cook keesc...@chromium.org
The Report ID field of a HID report is used to build indexes of
reports. The kernel's index of these is limited to 256 entries, so any
malicious
On Thu, 29 Aug 2013, Benjamin Tissoires wrote:
The Report ID field of a HID report is used to build indexes of
reports. The kernel's index of these is limited to 256 entries, so any
malicious device that sets a Report ID greater than 255 will trigger
memory corruption on the host:
[
Hi Kees,
On Wed, Aug 28, 2013 at 10:30 PM, Jiri Kosina jkos...@suse.cz wrote:
From: Kees Cook keesc...@chromium.org
Many drivers need to validate the characteristics of their HID report
during initialization to avoid misusing the reports. This adds a common
helper to perform validation of
On Thu, Aug 29, 2013 at 11:36 AM, Jiri Kosina jkos...@suse.cz wrote:
On Thu, 29 Aug 2013, Benjamin Tissoires wrote:
The Report ID field of a HID report is used to build indexes of
reports. The kernel's index of these is limited to 256 entries, so any
malicious device that sets a Report ID
On Wed, Aug 28, 2013 at 10:30 PM, Jiri Kosina jkos...@suse.cz wrote:
From: Kees Cook keesc...@chromium.org
This driver must validate the availability of the HID output report and
its size before it can write LED states via buzz_set_leds(). This stops
a heap overflow that is possible if a
On Tue, Jul 16, 2013 at 8:57 AM, Ferruh Yigit f...@cypress.com wrote:
On 07/15/2013 12:41 AM, Javier Martinez Canillas wrote:
I haven't had time to work on this driver for a long time and
Ferruh has been doing a great job making it more generic,
adding support for new hardware and providing
On Wed, Aug 28, 2013 at 10:31:44PM +0200, Jiri Kosina wrote:
From: Kees Cook keesc...@chromium.org
A HID device could send a malicious feature report that would cause the
sensor-hub HID driver to read past the end of heap allocation, leaking
kernel memory contents to the caller.
KonePureOptical is a KonePure with different sensor.
Signed-off-by: Stefan Achatz erazor...@users.sourceforge.net
---
drivers/hid/hid-ids.h |1 +
drivers/hid/hid-roccat-konepure.c |3 ++-
2 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/drivers/hid/hid-ids.h
On Thu, Aug 29, 2013 at 2:48 AM, Benjamin Tissoires
benjamin.tissoi...@gmail.com wrote:
On Wed, Aug 28, 2013 at 10:30 PM, Jiri Kosina jkos...@suse.cz wrote:
From: Kees Cook keesc...@chromium.org
This driver must validate the availability of the HID output report and
its size before it can
On Thu, Aug 29, 2013 at 4:40 PM, Kees Cook keesc...@chromium.org wrote:
On Thu, Aug 29, 2013 at 2:48 AM, Benjamin Tissoires
benjamin.tissoi...@gmail.com wrote:
On Wed, Aug 28, 2013 at 10:30 PM, Jiri Kosina jkos...@suse.cz wrote:
From: Kees Cook keesc...@chromium.org
This driver must validate
On Mon, 2013-08-19 at 08:28 -0700, Srinivas Pandruvada wrote:
On 08/14/2013 01:07 AM, Andy Shevchenko wrote:
Patch just rearranges lines to be more compact and/or readable.
Additionally it
converts double space to one in several places.
There is no functional change.
Jiri, anything
Signed-off-by: Rafi Rubin r...@seas.upenn.edu
Thanks Kees,
Rafi
On 08/28/13 16:31, Jiri Kosina wrote:
From: Kees Cook keesc...@chromium.org
A HID device could send a malicious feature report that would cause the
ntrig HID driver to trigger a NULL dereference during initialization:
On Thu, Aug 29, 2013 at 11:48:57AM +0200, Javier Martinez Canillas wrote:
On Tue, Jul 16, 2013 at 8:57 AM, Ferruh Yigit f...@cypress.com wrote:
On 07/15/2013 12:41 AM, Javier Martinez Canillas wrote:
I haven't had time to work on this driver for a long time and
Ferruh has been doing a
Hi Heiko,
On Fri, Aug 16, 2013 at 01:59:39PM +0200, Heiko Stübner wrote:
This adds a driver for touchscreens using the zforce infrared
technology from Neonode connected via i2c to the host system.
It supports multitouch with up to two fingers and tracking of the
contacts in hardware.
On Wed, Aug 28, 2013 at 08:46:56PM +0200, Mischa Jonker wrote:
It causes crashes when enabled, and we don't have such a peripheral
anyway on ARC platforms.
Signed-off-by: Mischa Jonker mjon...@synopsys.com
---
drivers/input/serio/Kconfig |3 ++-
1 file changed, 2 insertions(+), 1
Hi Illia,
On Tue, Aug 27, 2013 at 01:08:05PM +0300, Illia Smyrnov wrote:
Hello Dmitry,
could you take reviewed patches from this patchset?
Reviewed patches:
[PATCH v3 1/3] Input: omap-keypad: Enable wakeup capability for keypad.
[PATCH v3 3/3] Input: omap-keypad: Setup irq type from DT
Hi Linus,
Please pull from:
git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input.git for-linus
or
master.kernel.org:/pub/scm/linux/kernel/git/dtor/input.git for-linus
to receive updates for the input subsystem. Just a couple of new IDs in
Wacom and xpad drivers, i8042 is now
On 08/28/2013 02:16 PM, Kees Cook wrote:
On Wed, Aug 28, 2013 at 1:42 PM, Jiri Kosina jkos...@suse.cz wrote:
On Wed, 28 Aug 2013, Srinivas Pandruvada wrote:
A HID device could send a malicious feature report that would cause the
sensor-hub HID driver to read past the end of heap allocation,
On Thu, Aug 29, 2013 at 1:59 AM, Benjamin Tissoires
benjamin.tissoi...@redhat.com wrote:
Hi Kees,
I would be curious to have the HID report descriptors (maybe off list)
to understand how things can be that bad.
Certainly! I'll send them your way. I did have to get pretty creative
to tickle
On Thu, Aug 29, 2013 at 11:13 AM, Srinivas Pandruvada
srinivas.pandruv...@linux.intel.com wrote:
On 08/28/2013 02:16 PM, Kees Cook wrote:
On Wed, Aug 28, 2013 at 1:42 PM, Jiri Kosina jkos...@suse.cz wrote:
On Wed, 28 Aug 2013, Srinivas Pandruvada wrote:
A HID device could send a malicious
On Thu, Aug 29, 2013 at 2:35 AM, Benjamin Tissoires
benjamin.tissoi...@gmail.com wrote:
Hi Kees,
On Wed, Aug 28, 2013 at 10:30 PM, Jiri Kosina jkos...@suse.cz wrote:
From: Kees Cook keesc...@chromium.org
Many drivers need to validate the characteristics of their HID report
during
Hi Dmitry,
Am Donnerstag, 29. August 2013, 18:29:04 schrieb Dmitry Torokhov:
Hi Heiko,
On Fri, Aug 16, 2013 at 01:59:39PM +0200, Heiko Stübner wrote:
This adds a driver for touchscreens using the zforce infrared
technology from Neonode connected via i2c to the host system.
It
24 matches
Mail list logo