commit | 27743e2ca1db4935233edbf0ec76cbd0caee9133 | [log] [tgz] |
---|---|---|
author | Daniel Rosenberg <drosen@google.com> | Mon Mar 12 15:57:54 2018 -0700 |
committer | chrmhoffmann <chrmhoffmann@gmail.com> | Sat Apr 11 17:51:12 2020 +0200 |
tree | 14ccec0e491075fbe256ee71b687107a734d5197 | |
parent | 1b4fcca7fb6276b6ad2e162d3fd61099ac7a2be1 [diff] |
ANDROID: HID: debug: check length in hid_debug_events_read() before copy_to_user() If our length is greater than the size of the buffer, we overflow the buffer Change-Id: I113a1955a2bac83c83084d5cd28d886175673219 Bug: 71361580 Signed-off-by: Daniel Rosenberg <drosen@google.com> CVE-2018-9516 Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>