summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAdrian Dudau <adrian.dudau@enea.com>2016-10-20 11:21:08 +0200
committerMartin Borg <martin.borg@enea.com>2016-10-20 12:08:44 +0200
commitee00fbf970c7f04aff02f53f2c95bd43d95d9b22 (patch)
tree4a1a1d963030fc149fc7924f02c60cf20f589cc5
parent9edd7ba9fa213e36c0c317519657cc3c3d6d5e73 (diff)
downloadmeta-enea-bsp-ppc-ee00fbf970c7f04aff02f53f2c95bd43d95d9b22.tar.gz
Revert "kernel/drivers/hid: CVE-2016-5829"
meta-freescale bumped up to a newer kernel version that includes this fix. Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> Signed-off-by: Martin Borg <martin.borg@enea.com>
-rw-r--r--recipes-kernel/linux/files/hid-CVE-2016-5829.patch51
-rw-r--r--recipes-kernel/linux/linux-qoriq_4.1.bbappend3
2 files changed, 1 insertions, 53 deletions
diff --git a/recipes-kernel/linux/files/hid-CVE-2016-5829.patch b/recipes-kernel/linux/files/hid-CVE-2016-5829.patch
deleted file mode 100644
index fca7e51..0000000
--- a/recipes-kernel/linux/files/hid-CVE-2016-5829.patch
+++ /dev/null
@@ -1,51 +0,0 @@
1From f67b6920a0cf03d363c5f3bfb14f5d258168dc8c Mon Sep 17 00:00:00 2001
2From: Scott Bauer <sbauer@plzdonthack.me>
3Date: Thu, 23 Jun 2016 08:59:47 -0600
4Subject: HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES
5 commands
6
7[ Upstream commit 93a2001bdfd5376c3dc2158653034c20392d15c5 ]
8
9This patch validates the num_values parameter from userland during the
10HIDIOCGUSAGES and HIDIOCSUSAGES commands. Previously, if the report id was set
11to HID_REPORT_ID_UNKNOWN, we would fail to validate the num_values parameter
12leading to a heap overflow.
13
14CVE: CVE-2016-5829
15Upstream-Status: Backport
16
17Cc: stable@vger.kernel.org
18Signed-off-by: Scott Bauer <sbauer@plzdonthack.me>
19Signed-off-by: Jiri Kosina <jkosina@suse.cz>
20Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
21Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
22---
23 drivers/hid/usbhid/hiddev.c | 10 +++++-----
24 1 file changed, 5 insertions(+), 5 deletions(-)
25
26diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c
27index 2f1ddca..700145b 100644
28--- a/drivers/hid/usbhid/hiddev.c
29+++ b/drivers/hid/usbhid/hiddev.c
30@@ -516,13 +516,13 @@ static noinline int hiddev_ioctl_usage(struct hiddev *hiddev, unsigned int cmd,
31 goto inval;
32 } else if (uref->usage_index >= field->report_count)
33 goto inval;
34-
35- else if ((cmd == HIDIOCGUSAGES || cmd == HIDIOCSUSAGES) &&
36- (uref_multi->num_values > HID_MAX_MULTI_USAGES ||
37- uref->usage_index + uref_multi->num_values > field->report_count))
38- goto inval;
39 }
40
41+ if ((cmd == HIDIOCGUSAGES || cmd == HIDIOCSUSAGES) &&
42+ (uref_multi->num_values > HID_MAX_MULTI_USAGES ||
43+ uref->usage_index + uref_multi->num_values > field->report_count))
44+ goto inval;
45+
46 switch (cmd) {
47 case HIDIOCGUSAGE:
48 uref->value = field->value[uref->usage_index];
49--
50cgit v0.12
51
diff --git a/recipes-kernel/linux/linux-qoriq_4.1.bbappend b/recipes-kernel/linux/linux-qoriq_4.1.bbappend
index 39e23cb..417cb53 100644
--- a/recipes-kernel/linux/linux-qoriq_4.1.bbappend
+++ b/recipes-kernel/linux/linux-qoriq_4.1.bbappend
@@ -2,6 +2,5 @@ require recipes-kernel/linux/linux-qoriq-common.inc
2 2
3FILESEXTRAPATHS_prepend := "${THISDIR}/files:" 3FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
4 4
5SRC_URI += "file://hid-CVE-2016-5829.patch \ 5SRC_URI += "file://CVE-2016-4951.patch \
6 file://CVE-2016-4951.patch \
7 " 6 "