Re: [PATCH 5.4 17/78] HID: Fix slab-out-of-bounds read in hid_field_extract (Broken!)

From: Alan Stern
Date: Thu Feb 06 2020 - 10:14:15 EST


On Thu, 6 Feb 2020, Enderborg, Peter wrote:

> > Also, please post the output from "lsusb -v" for the StreamDeck.
>
> Bus 002 Device 008: ID 0fd9:0060 Elgato Systems GmbH Stream Deck
> Device Descriptor:
>   bLength                18
>   bDescriptorType         1
>   bcdUSB               2.00
>   bDeviceClass            0
>   bDeviceSubClass         0
>   bDeviceProtocol         0
>   bMaxPacketSize0        64
>   idVendor           0x0fd9 Elgato Systems GmbH
>   idProduct          0x0060
>   bcdDevice            1.00
>   iManufacturer           1
>   iProduct                2
>   iSerial                 3
>   bNumConfigurations      1
>   Configuration Descriptor:
>     bLength                 9
>     bDescriptorType         2
>     wTotalLength       0x0029
>     bNumInterfaces          1
>     bConfigurationValue     1
>     iConfiguration          0
>     bmAttributes         0xe0
>       Self Powered
>       Remote Wakeup
>     MaxPower              400mA
>     Interface Descriptor:
>       bLength                 9
>       bDescriptorType         4
>       bInterfaceNumber        0
>       bAlternateSetting       0
>       bNumEndpoints           2
>       bInterfaceClass         3 Human Interface Device
>       bInterfaceSubClass      0
>       bInterfaceProtocol      0
>       iInterface              0
>         HID Device Descriptor:
>           bLength                 9
>           bDescriptorType        33
>           bcdHID               1.11
>           bCountryCode            0 Not supported
>           bNumDescriptors         1
>           bDescriptorType        34 Report
>           wDescriptorLength     248
>          Report Descriptors:
>            ** UNAVAILABLE **

I was hoping to see the report descriptors. This would produce the
actual descriptors as sent by the device, not the kernel's
interpretation or modification of the descriptors.

I guess you have to unbind the device from the usbhid driver first in
order for lsusb to get them. Can you do that?

Alan Stern
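
The unbind step asked for in the message above, as an added example that is not part of the original mail: it finds the interfaces of a given VID:PID that are bound to usbhid through the standard sysfs layout and unbinds them so `lsusb -v` can read the report descriptor from the device. The names `hid_ifaces`, `unbind_hid` and the `SYSFS` override are hypothetical helpers; the real run needs root.

```shell
#!/bin/sh
# Added example (not from the thread). SYSFS defaults to /sys; it is
# overridable only so the lookup can be dry-run against a constructed tree.
SYSFS="${SYSFS:-/sys}"

# Print the interface names (e.g. 2-1:1.0) of device VID:PID that are
# currently bound to the usbhid driver.
hid_ifaces() {
    vid=$1 pid=$2
    for dev in "$SYSFS"/bus/usb/devices/*; do
        [ -f "$dev/idVendor" ] || continue        # interface nodes have no idVendor
        [ "$(cat "$dev/idVendor")" = "$vid" ] || continue
        [ "$(cat "$dev/idProduct")" = "$pid" ] || continue
        for intf in "$dev":*; do                  # sibling entries named <dev>:<cfg>.<intf>
            [ -e "$intf/driver" ] || continue     # nothing bound to this interface
            drv=$(basename "$(readlink "$intf/driver")")
            [ "$drv" = usbhid ] && basename "$intf"
        done
    done
    return 0
}

# Write each matching interface name to usbhid's unbind attribute.
unbind_hid() {
    for i in $(hid_ifaces "$1" "$2"); do
        printf '%s' "$i" > "$SYSFS/bus/usb/drivers/usbhid/unbind"
        echo "unbound $i from usbhid"
    done
}

# Usage as root:  sh thisfile.sh 0fd9 0060
# The device stops working as an input device until the interface name is
# written back to $SYSFS/bus/usb/drivers/usbhid/bind or it is replugged.
if [ $# -eq 2 ]; then
    unbind_hid "$1" "$2"
    lsusb -v -d "$1:$2"
fi
```
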