Commit 85f29eeb authored by Marc Zyngier's avatar Marc Zyngier Committed by Yang Yingliang
Browse files

HID: core: Correctly handle ReportSize being zero 



stable inclusion
from linux-4.19.144
commit abae259fdccc5e41ff302dd80a2b944ce385c970
CVE: CVE-2020-0465

--------------------------------

commit bce1305c upstream.

It appears that a ReportSize value of zero is legal, even if a bit
non-sensical. Most of the HID code seems to handle that gracefully,
except when computing the total size in bytes. When fed as input to
memset, this leads to some funky outcomes.

Detect the corner case and correctly compute the size.

Cc: stable@vger.kernel.org
Signed-off-by: default avatarMarc Zyngier <maz@kernel.org>
Signed-off-by: default avatarBenjamin Tissoires <benjamin.tissoires@gmail.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
Reviewed-by: default avatarJason Yan <yanaijie@huawei.com>
Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
parent c66c6e7c
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment