On 2/6/25 06:02, Terry Junge wrote:
> On 2/2/25 1:55 AM, Nikita Zhandarovich wrote:
>>
>> On 1/31/25 23:12, Kees Cook wrote:
>>> On Fri, Jan 31, 2025 at 06:15:58PM +0300, Nikita Zhandarovich wrote:
>>>> Syzbot reports [1] a reemerging out-of
On 1/31/25 23:12, Kees Cook wrote:
> On Fri, Jan 31, 2025 at 06:15:58PM +0300, Nikita Zhandarovich wrote:
>> Syzbot reports [1] a reemerging out-of-bounds bug regarding hid
>> descriptors supposedly having unpredictable bNumDescriptors values in
>> usbhid_parse().
>>
s bug")
Cc: sta...@vger.kernel.org
Signed-off-by: Nikita Zhandarovich
---
v1:
https://lore.kernel.org/all/20240524120112.28076-1-n.zhandarov...@fintech.ru/
v2: Instead of essentially forcing usbhid_parse() to only check
the first descriptor, modify hid_descriptor struct to anticipate
multiple hid_class_des
Hello,

On 6/4/24 10:45, Alan Stern wrote:
> On Tue, Jun 04, 2024 at 10:21:15AM -0700, Kees Cook wrote:
>> On Tue, Jun 04, 2024 at 10:09:43AM -0700, Nikita Zhandarovich wrote:
>>> Hi,
>>>
>>> On 6/4/24 07:15, Jiri Kosina wrote:
>>>> On Tue, 4 Jun
Hi,

On 6/4/24 07:15, Jiri Kosina wrote:
> On Tue, 4 Jun 2024, Kees Cook wrote:
>
>> This isn't the right solution. The problem is that hid_class_descriptor
>> is a flexible array but was sized as a single element fake flexible
>> array:
>>
>> struct hid_descriptor {
>> 	__u8 bLength;
>>