HID: logitech-dj: check report length

author Peter Wu <peter@lekensteyn.nl>

Tue, 16 Dec 2014 15:55:21 +0000 (16:55 +0100)

committer Jiri Kosina <jkosina@suse.cz>

Wed, 17 Dec 2014 07:50:12 +0000 (08:50 +0100)
author Peter Wu <peter@lekensteyn.nl>
Tue, 16 Dec 2014 15:55:21 +0000 (16:55 +0100)
committer Jiri Kosina <jkosina@suse.cz>
Wed, 17 Dec 2014 07:50:12 +0000 (08:50 +0100)
diff --git a/drivers/hid/hid-logitech-dj.c b/drivers/hid/hid-logitech-dj.c

index c917ab6..5bc6d80 100644 (file)
--- a/drivers/hid/hid-logitech-dj.c
+++ b/drivers/hid/hid-logitech-dj.c
@@ -962,10 +962,24 @@ static int logi_dj_raw_event(struct hid_device *hdev,
  
         switch (data[0]) {
         case REPORT_ID_DJ_SHORT:
+               if (size != DJREPORT_SHORT_LENGTH) {
+                       dev_err(&hdev->dev, "DJ report of bad size (%d)", size);
+                       return false;
+               }
                 return logi_dj_dj_event(hdev, report, data, size);
         case REPORT_ID_HIDPP_SHORT:
-               /* intentional fallthrough */
+               if (size != HIDPP_REPORT_SHORT_LENGTH) {
+                       dev_err(&hdev->dev,
+                               "Short HID++ report of bad size (%d)", size);
+                       return false;
+               }
+               return logi_dj_hidpp_event(hdev, report, data, size);
         case REPORT_ID_HIDPP_LONG:
+               if (size != HIDPP_REPORT_LONG_LENGTH) {
+                       dev_err(&hdev->dev,
+                               "Long HID++ report of bad size (%d)", size);
+                       return false;
+               }
                 return logi_dj_hidpp_event(hdev, report, data, size);
         }
author	Peter Wu <peter@lekensteyn.nl>
	Tue, 16 Dec 2014 15:55:21 +0000 (16:55 +0100)
committer	Jiri Kosina <jkosina@suse.cz>
	Wed, 17 Dec 2014 07:50:12 +0000 (08:50 +0100)