From: "F.A.Sulaiman"
To: jikos@kernel.org, benjamin.tissoires@redhat.com
Cc: "F.A.Sulaiman", linux-input@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH] fix slab-out-of-bounds in betopff_init function
Date: Sun, 15 Aug 2021 19:37:25 +0530
Message-Id: <20210815140725.19973-1-asha.16@itfac.mrt.ac.lk>
X-Mailer: git-send-email 2.17.1
X-Mailing-List: linux-kernel@vger.kernel.org

This patch resolves the bug 'KASAN: slab-out-of-bounds Write in betop_probe' reported by Syzbot. The patch resolves the bug by checking hid_device's hid_input is non-empty before it is used.

Signed-off-by: F.A. SULAIMAN
--- drivers/hid/hid-betopff.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/drivers/hid/hid-betopff.c b/drivers/hid/hid-betopff.c index 0790fbd3fc9a..467d789f9bc2 100644 --- a/drivers/hid/hid-betopff.c +++ b/drivers/hid/hid-betopff.c
@@ -56,15 +56,22 @@ static int betopff_init(struct hid_device *hid) { struct betopff_device *betopff; struct hid_report *report; - struct hid_input *hidinput = - list_first_entry(&hid->inputs, struct hid_input, list); + struct hid_input *hidinput; struct list_head *report_list = &hid->report_enum[HID_OUTPUT_REPORT].report_list; - struct input_dev *dev = hidinput->input; + struct input_dev *dev; int field_count = 0; int error; int i, j; + if (list_empty(&hid->inputs)) { + hid_err(hid, "no inputs found\n"); + return -ENODEV; + } + + hidinput = list_first_entry(&hid->inputs, struct hid_input, list); + dev = hidinput->input; + if (list_empty(report_list)) { hid_err(hid, "no output reports found\n"); return -ENODEV; -- 2.17.1
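Review bot: The changelog does not explain why the two removed initializers at the top of betopff_init() were unsafe, and that is the part a later reader needs. list_first_entry() never returns NULL: on an empty hid->inputs list it yields a pointer computed from the list head itself, so the old "dev = hidinput->input" loaded a bogus input_dev pointer before any check ran. Please state that in the commit message, along with the condition under which hid->inputs is empty at probe time. The new list_empty(&hid->inputs) guard is placed correctly, ahead of both the list_first_entry() call and the dereference, and returning -ENODEV matches the existing "no output reports found" path just below it. Smaller points: the subject has no subsystem prefix (for example "HID: betop:") and names betopff_init while the quoted KASAN title names betop_probe, so pick one and say how they relate; add a Reported-by tag for the syzbot report; and the Signed-off-by name is written differently from the From name, which should match.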