Adrian Salido acdc9de2d1 HID: i2c-hid: allocate hid buffers for real worst case ... commit 8320caeeffdefec3b58b9d4a7ed8e1079492fe7b upstream. The buffer allocation is not currently accounting for an extra byte for the report id. This can cause an out of bounds access in function i2c_hid_set_or_send_report() with reportID > 15. Signed-off-by: Adrian Salido <salidoa@google.com> Reviewed-by: Benson Leung <bleung@chromium.org> Signed-off-by: Guenter Roeck <groeck@chromium.org> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Ben Hutchings <ben@decadent.org.uk>		2019-07-27 21:45:51 +02:00
..
i2c-hid	HID: i2c-hid: allocate hid buffers for real worst case	2019-07-27 21:45:51 +02:00
usbhid	HID: usbhid: fix out-of-bounds bug	2018-08-20 12:00:10 +02:00
hid-a4tech.c
hid-apple.c
hid-appleir.c
hid-aureal.c
hid-axff.c
hid-belkin.c
hid-cherry.c	HID: fix a couple of off-by-ones	2014-09-05 16:28:34 -07:00
hid-chicony.c
hid-core.c	This is the 3.10.96 stable release	2017-04-18 17:16:02 +02:00
hid-cypress.c	HID: hid-cypress: validate length of report	2019-07-27 21:43:43 +02:00
hid-debug.c
hid-dr.c
hid-elecom.c
hid-emsff.c
hid-ezkey.c
hid-gaff.c
hid-generic.c
hid-gyration.c
hid-holtek-kbd.c
hid-holtekff.c
hid-hyperv.c
hid-icade.c
hid-ids.h	Import latest Samsung release	2017-04-18 03:43:52 +02:00
hid-input.c	HID: hid-input: Add parentheses to quell gcc warning	2019-07-27 21:42:01 +02:00
hid-kensington.c
hid-keytouch.c
hid-kye.c	HID: Add a new id 0x501a for Genius MousePen i608X	2015-01-16 06:59:01 -08:00
hid-lcpower.c
hid-lenovo-tpkbd.c
hid-lg.c	HID: hid-lg: Fix immediate disconnection of Logitech Rumblepad 2	2019-07-27 21:44:06 +02:00
hid-lg.h
hid-lg2ff.c
hid-lg3ff.c
hid-lg4ff.c
hid-lgff.c
hid-logitech-dj.c	HID: logitech-dj: prevent false errors to be shown	2014-10-05 14:54:08 -07:00
hid-logitech-dj.h	HID: logitech-dj: prevent false errors to be shown	2014-10-05 14:54:08 -07:00
hid-magicmouse.c	This is the 3.10.67 stable release	2015-04-24 18:04:40 -07:00
hid-microsoft.c
hid-monterey.c	HID: fix a couple of off-by-ones	2014-09-05 16:28:34 -07:00
hid-multitouch.c
hid-ntrig.c	hid: hid-ntrig: Fix input_configured function	2017-04-18 12:19:41 +02:00
hid-ortek.c
hid-petalynx.c	HID: fix a couple of off-by-ones	2014-09-05 16:28:34 -07:00
hid-picolcd.h
hid-picolcd_backlight.c
hid-picolcd_cir.c
hid-picolcd_core.c	HID: picolcd: sanity check report size in raw_event() callback	2014-10-05 14:54:08 -07:00
hid-picolcd_debugfs.c
hid-picolcd_fb.c
hid-picolcd_lcd.c
hid-picolcd_leds.c
hid-pl.c
hid-primax.c
hid-prodikeys.c
hid-ps3remote.c
hid-roccat-arvo.c
hid-roccat-arvo.h
hid-roccat-common.c
hid-roccat-common.h
hid-roccat-isku.c
hid-roccat-isku.h
hid-roccat-kone.c
hid-roccat-kone.h
hid-roccat-koneplus.c
hid-roccat-koneplus.h
hid-roccat-konepure.c
hid-roccat-konepure.h
hid-roccat-kovaplus.c
hid-roccat-kovaplus.h
hid-roccat-lua.c
hid-roccat-lua.h
hid-roccat-pyra.c	HID: roccat: potential out of bounds in pyra_sysfs_write_settings()	2015-01-16 06:59:01 -08:00
hid-roccat-pyra.h
hid-roccat-savu.c
hid-roccat-savu.h
hid-roccat.c
hid-saitek.c
hid-samsung.c	Import latest Samsung release	2017-04-18 03:43:52 +02:00
hid-sensor-hub.c
hid-sjoy.c
hid-sony.c
hid-speedlink.c
hid-steelseries.c
hid-sunplus.c	HID: fix a couple of off-by-ones	2014-09-05 16:28:34 -07:00
hid-synaptics-bt.c	Import latest Samsung release	2017-04-18 03:43:52 +02:00
hid-thingm.c
hid-tivo.c
hid-tmff.c
hid-topseed.c
hid-twinhan.c
hid-uclogic.c
hid-wacom.c
hid-waltop.c
hid-wiimote-core.c
hid-wiimote-debug.c
hid-wiimote-ext.c
hid-wiimote.h
hid-zpff.c
hid-zydacron.c
hidraw.c
Kconfig	Import latest Samsung release	2017-04-18 03:43:52 +02:00
Makefile	Import latest Samsung release	2017-04-18 03:43:52 +02:00
uhid.c