On Thu, Aug 29, 2013 at 9:58 PM, Kees Cook keesc...@chromium.org wrote:
On Thu, Aug 29, 2013 at 7:50 AM, Benjamin Tissoires
benjamin.tissoi...@gmail.com wrote:
On Thu, Aug 29, 2013 at 4:40 PM, Kees Cook keesc...@chromium.org wrote:
On Thu, Aug 29, 2013 at 2:48 AM, Benjamin Tissoires
On Wed, Aug 28, 2013 at 10:30 PM, Jiri Kosina jkos...@suse.cz wrote:
From: Kees Cook keesc...@chromium.org
This driver must validate the availability of the HID output report and
its size before it can write LED states via buzz_set_leds(). This stops
a heap overflow that is possible if a
On Thu, Aug 29, 2013 at 2:48 AM, Benjamin Tissoires
benjamin.tissoi...@gmail.com wrote:
On Wed, Aug 28, 2013 at 10:30 PM, Jiri Kosina jkos...@suse.cz wrote:
From: Kees Cook keesc...@chromium.org
This driver must validate the availability of the HID output report and
its size before it can
On Thu, Aug 29, 2013 at 4:40 PM, Kees Cook keesc...@chromium.org wrote:
On Thu, Aug 29, 2013 at 2:48 AM, Benjamin Tissoires
benjamin.tissoi...@gmail.com wrote:
On Wed, Aug 28, 2013 at 10:30 PM, Jiri Kosina jkos...@suse.cz wrote:
From: Kees Cook keesc...@chromium.org
This driver must validate
From: Kees Cook keesc...@chromium.org
This driver must validate the availability of the HID output report and
its size before it can write LED states via buzz_set_leds(). This stops
a heap overflow that is possible if a device provides a malicious HID
output report:
[ 108.171280] usb 1-1: New
