Re: [PATCH v2] HID: roccat: add bounds checking in kone_sysfs_write_settings()

[PATCH] HID: roccat: add bounds checking in kone_sysfs_write_settings() · Dan Carpenter <hidden> · 2020-08-05
Re: [PATCH] HID: roccat: add bounds checking in kone_sysfs_write_settings() · Jiri Kosina <jikos@kernel.org> · 2020-08-17
Re: [PATCH] HID: roccat: add bounds checking in kone_sysfs_write_settings() · Stefan Achatz <hidden> · 2020-08-19
[PATCH v2] HID: roccat: add bounds checking in kone_sysfs_write_settings() · Dan Carpenter <hidden> · 2020-08-24
AW: [PATCH v2] HID: roccat: add bounds checking in kone_sysfs_write_settings() · Walter Harms <hidden> · 2020-08-24
Re: [PATCH v2] HID: roccat: add bounds checking in kone_sysfs_write_settings() · Dan Carpenter <hidden> · 2020-08-25
AW: [PATCH v2] HID: roccat: add bounds checking in kone_sysfs_write_settings() · Walter Harms <hidden> · 2020-08-25
Re: [PATCH v2] HID: roccat: add bounds checking in kone_sysfs_write_settings() · Jiri Kosina <jikos@kernel.org> · 2020-09-09

From: Jiri Kosina <jikos@kernel.org>
Date: 2020-09-09 06:35:58
Also in: kernel-janitors, lkml

On Mon, 24 Aug 2020, Dan Carpenter wrote:

This code doesn't check if "settings->startup_profile" is within bounds
and that could result in an out of bounds array access.  What the code
does do is it checks if the settings can be written to the firmware, so
it's possible that the firmware has a bounds check?  It's safer and
easier to verify when the bounds checking is done in the kernel.

Fixes: 14bf62cde794 ("HID: add driver for Roccat Kone gaming mouse")
Signed-off-by: Dan Carpenter <redacted>
---
v2:  In the v1 patch I added a check against settings->size but that's
potentially too strict so it was removed.

Applied, thanks Dan.

-- 
Jiri Kosina
SUSE Labs

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help