git.osdn.net Git - tomoyo/tomoyo-test1.git/commit

author	Michael Zaidman <michael.zaidman@gmail.com>
	Sat, 5 Nov 2022 21:11:45 +0000 (23:11 +0200)
committer	Jiri Kosina <jkosina@suse.cz>
	Fri, 11 Nov 2022 10:09:36 +0000 (11:09 +0100)
commit	b7121e3c04440cc2af9cabbabb24efd23741294a
tree	fd3a81ce7032013252f75f7813c25e861f780350	tree \| snapshot
parent	76e76e7993f3d8da484424135a4a8acf7f3cac0b	commit \| diff

HID: ft260: skip unexpected HID input reports

The FT260 is not supposed to generate unexpected HID reports. However,
in theory, the unsolicited HID Input reports can be issued by a specially
crafted malicious USB device masquerading as FT260 when the attacker has
physical access to the USB port. In this case, the read_buf pointer points
to the final data portion of the previous I2C Read transfer, and the memcpy
invoked in the ft260_raw_event() will try copying the content of the
unexpected report into the wrong location.

This commit sets the Read buffer pointer to NULL on the I2C Read
transaction completion and checks it in the ft260_raw_event() to detect
and skip the unsolicited Input report.

Reported-by: Enrik Berkhan <Enrik.Berkhan@inka.de>
Signed-off-by: Michael Zaidman <michael.zaidman@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>