From: Daniel Rosenberg
To: Jiri Kosina, Benjamin Tissoires, linux-input@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, kernel-team@android.com, Daniel Rosenberg, stable@vger.kernel.org
Subject: [PATCH] HID: debug: check length before copy_to_user()
Date: Mon, 2 Jul 2018 16:59:37 -0700
Message-Id: <20180702235937.111619-1-drosen@google.com>

If our length is greater than the size of the buffer, we overflow the buffer

Signed-off-by: Daniel Rosenberg
Cc: stable@vger.kernel.org

--- drivers/hid/hid-debug.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/hid/hid-debug.c b/drivers/hid/hid-debug.c index 8469b6964ff64..b48100236df89 100644 --- a/drivers/hid/hid-debug.c +++ b/drivers/hid/hid-debug.c @@ -1154,6 +1154,8 @@ static ssize_t hid_debug_events_read(struct file *file, char __user *buffer, goto out; if (list->tail > list->head) { len = list->tail - list->head; + if (len > count) + len = count; if (copy_to_user(buffer + ret, &list->hid_debug_buf[list->head], len)) { ret = -EFAULT; 
@@ -1163,6 +1165,8 @@ static ssize_t hid_debug_events_read(struct file *file, char __user *buffer, list->head += len; } else { len = HID_DEBUG_BUFSIZE - list->head; + if (len > count) + len = count; if (copy_to_user(buffer, &list->hid_debug_buf[list->head], len)) { ret = -EFAULT; @@ -1170,7 +1174,9 @@ static ssize_t hid_debug_events_read(struct file *file, char __user *buffer, } list->head = 0; ret += len; - goto copy_rest; + count -= len; + if (count > 0) + goto copy_rest; } } -- 2.18.0.399.gad0ab374a1-goog
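Review bot: In the first hunk (the list->tail > list->head branch), len is clamped to count but count is not reduced after the copy, whereas the else branch gains count -= len in the last hunk. The clamp is only correct while count means the space still left at buffer + ret, so decrement count in this branch too once the copy succeeds, which keeps both branches consistent if this path is ever reached again with a stale count. The commit message would also be clearer if it said that the buffer being overrun is the caller's buffer of count bytes.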
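Review bot: In the else branch (second and third hunks), list->head = 0 still runs unconditionally after len has been clamped to count, so a read shorter than HID_DEBUG_BUFSIZE - list->head silently drops the bytes between list->head + len and the end of the ring, and a read with count of 0 discards that whole tail while returning nothing. Advance head by the amount actually copied and wrap only when it reaches the end, for example list->head = (list->head + len) % HID_DEBUG_BUFSIZE;, keeping the count > 0 test before goto copy_rest.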