Commit 24d12d71 authored by Dan Carpenter's avatar Dan Carpenter Committed by Yang Yingliang
Browse files

Input: joydev - prevent potential read overflow in ioctl 



stable inclusion
from linux-4.19.178
commit 88438fdeeffe11dcb05c2dd0ddd22cb6e3f024b4
CVE: CVE-2021-3612

--------------------------------

commit 182d679b upstream.

The problem here is that "len" might be less than "joydev->nabs" so the
loops which verfy abspam[i] and keypam[] might read beyond the buffer.

Fixes: 999b874f ("Input: joydev - validate axis/button maps before clobbering current ones")
Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/YCyzR8WvFRw4HWw6@mwanda


[dtor: additional check for len being even in joydev_handle_JSIOCSBTNMAP]
Cc: stable@vger.kernel.org
Signed-off-by: default avatarDmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
Reviewed-by: default avatarXiu Jianfeng <xiujianfeng@huawei.com>
Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
parent 1527c26e
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment