Commit a4170b63 authored by Rosalie Wanders's avatar Rosalie Wanders Committed by Jiri Kosina
Browse files

HID: sony: add missing size validation for SMK-Link remotes 



This commit adds the missing size validation for SMK-Link remotes in
sony_raw_event(), this prevents a malicious device from allowing
hid-sony to read out of bounds of the provided buffer.

I do not own these devices so the size check only forces that the buffer
is large enough for nsg_mrxu_parse_report().

Signed-off-by: default avatarRosalie Wanders <rosalie@mailbox.org>
Signed-off-by: default avatarJiri Kosina <jkosina@suse.com>
parent 0f2b8466

drivers/hid/hid-sony.c

+2 −3
Original line number Diff line number Diff line
@@ -1169,10 +1169,9 @@ static int sony_raw_event(struct hid_device *hdev, struct hid_report *report, 
		sixaxis_parse_report(sc, rd, size);

	} else if ((sc->quirks & MOTION_CONTROLLER_BT) && rd[0] == 0x01 && size == 49) {

		sixaxis_parse_report(sc, rd, size);

	} else if ((sc->quirks & NAVIGATION_CONTROLLER) && rd[0] == 0x01 &&

			size == 49) {

	} else if ((sc->quirks & NAVIGATION_CONTROLLER) && rd[0] == 0x01 && size == 49) {

		sixaxis_parse_report(sc, rd, size);

	} else if ((sc->quirks & NSG_MRXU_REMOTE) && rd[0] == 0x02) {

	} else if ((sc->quirks & NSG_MRXU_REMOTE) && rd[0] == 0x02 && size >= 12) {

		nsg_mrxu_parse_report(sc, rd, size);

		return 1;

	} else if ((sc->quirks & RB4_GUITAR_PS4_USB) && rd[0] == 0x01 && size == 64) {