• Marc Zyngier's avatar
    HID: core: Sanitize event code and type when mapping input · 35556bed
    Marc Zyngier authored
    When calling into hid_map_usage(), the passed event code is
    blindly stored as is, even if it doesn't fit in the associated bitmap.
    
    This event code can come from a variety of sources, including devices
    masquerading as input devices, only a bit more "programmable".
    
    Instead of taking the event code at face value, check that it actually
    fits the corresponding bitmap, and if it doesn't:
    - spit out a warning so that we know which device is acting up
    - NULLify the bitmap pointer so that we catch unexpected uses
    
    Code paths that can make use of untrusted inputs can now check
    that the mapping was indeed correct and bail out if not.
    
    Cc: stable@vger.kernel.org
    Signed-off-by: default avatarMarc Zyngier <maz@kernel.org>
    Signed-off-by: default avatarBenjamin Tissoires <benjamin.tissoires@gmail.com>
    35556bed
hid-multitouch.c 59.1 KB