1 files changed, 0 insertions, 41 deletions
diff --git a/recipes-kernel/linux/files/HID_CVE_patches/0010-HID-ntrig-validate-feature-report-details.patch b/recipes-kernel/linux/files/HID_CVE_patches/0010-HID-ntrig-validate-feature-report-details.patch
deleted file mode 100644
index b243fc6..0000000
--- a/recipes-kernel/linux/files/HID_CVE_patches/0010-HID-ntrig-validate-feature-report-details.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 875b4e3763dbc941f15143dd1a18d10bb0be303b Mon Sep 17 00:00:00 2001
-From: Kees Cook <keescook@chromium.org>
-Date: Wed, 28 Aug 2013 22:31:28 +0200
-Subject: [PATCH] HID: ntrig: validate feature report details
-A HID device could send a malicious feature report that would cause the
-ntrig HID driver to trigger a NULL dereference during initialization:
-[57383.031190] usb 3-1: New USB device found, idVendor=1b96, idProduct=0001
-...
-[57383.315193] BUG: unable to handle kernel NULL pointer dereference at 0000000000000030
-[57383.315308] IP: [<ffffffffa08102de>] ntrig_probe+0x25e/0x420 [hid_ntrig]
-CVE-2013-2896
-Signed-off-by: Kees Cook <keescook@chromium.org>
-Cc: stable@kernel.org
-Signed-off-by: Rafi Rubin <rafi@seas.upenn.edu>
-Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
---
- drivers/hid/hid-ntrig.c |    3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-diff --git a/drivers/hid/hid-ntrig.c b/drivers/hid/hid-ntrig.c
-index 98d1fdf..600f207 100644
--- a/drivers/hid/hid-ntrig.c
-+++ b/drivers/hid/hid-ntrig.c
-@@ -115,7 +115,8 @@ static inline int ntrig_get_mode(struct hid_device *hdev)
-        struct hid_report *report = hdev->report_enum[HID_FEATURE_REPORT].
-                                    report_id_hash[0x0d];
- 
-       if (!report)
-+       if (!report || report->maxfield < 1 ||
-+           report->field[0]->report_count < 1)
-                return -EINVAL;
- 
-        hid_hw_request(hdev, report, HID_REQ_GET_REPORT);
-- 
-1.7.9.5

diff --git a/recipes-kernel/linux/files/HID_CVE_patches/0010-HID-ntrig-validate-feature-report-details.patch b/recipes-kernel/linux/files/HID_CVE_patches/0010-HID-ntrig-validate-feature-report-details.patch deleted file mode 100644 index b243fc6..0000000 --- a/recipes-kernel/linux/files/HID_CVE_patches/0010-HID-ntrig-validate-feature-report-details.patch +++ /dev/null
@@ -1,41 +0,0 @@
1	From 875b4e3763dbc941f15143dd1a18d10bb0be303b Mon Sep 17 00:00:00 2001
2	From: Kees Cook <keescook@chromium.org>
3	Date: Wed, 28 Aug 2013 22:31:28 +0200
4	Subject: [PATCH] HID: ntrig: validate feature report details
5
6	A HID device could send a malicious feature report that would cause the
7	ntrig HID driver to trigger a NULL dereference during initialization:
8
9	[57383.031190] usb 3-1: New USB device found, idVendor=1b96, idProduct=0001
10	...
11	[57383.315193] BUG: unable to handle kernel NULL pointer dereference at 0000000000000030
12	[57383.315308] IP: [<ffffffffa08102de>] ntrig_probe+0x25e/0x420 [hid_ntrig]
13
14	CVE-2013-2896
15
16	Signed-off-by: Kees Cook <keescook@chromium.org>
17	Cc: stable@kernel.org
18	Signed-off-by: Rafi Rubin <rafi@seas.upenn.edu>
19	Signed-off-by: Jiri Kosina <jkosina@suse.cz>
20	Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
21	---
22	drivers/hid/hid-ntrig.c \| 3 ++-
23	1 file changed, 2 insertions(+), 1 deletion(-)
24
25	diff --git a/drivers/hid/hid-ntrig.c b/drivers/hid/hid-ntrig.c
26	index 98d1fdf..600f207 100644
27	--- a/drivers/hid/hid-ntrig.c
28	+++ b/drivers/hid/hid-ntrig.c
29	@@ -115,7 +115,8 @@ static inline int ntrig_get_mode(struct hid_device *hdev)
30	struct hid_report *report = hdev->report_enum[HID_FEATURE_REPORT].
31	report_id_hash[0x0d];
32
33	- if (!report)
34	+ if (!report \|\| report->maxfield < 1 \|\|
35	+ report->field[0]->report_count < 1)
36	return -EINVAL;
37
38	hid_hw_request(hdev, report, HID_REQ_GET_REPORT);
39	--
40	1.7.9.5
41