Re: [RESEND] HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report

From: Lee Jones
Date: Mon Sep 12 2022 - 09:04:29 EST


On Mon, 12 Sep 2022, Silvan Jegen wrote:

> Hi
>
> Lee Jones <lee@xxxxxxxxxx> wrote:
> > On Wed, 03 Aug 2022, Lee Jones wrote:
> >
> > > It is possible for a malicious device to forgo submitting a Feature
> > > Report. The HID Steam driver presently makes no provision for this
> > > and de-references the 'struct hid_report' pointer obtained from the
> > > HID devices without first checking its validity. Let's change that.
> >
> > This patch has been floating around since the beginning of July.
> >
> > It fixes a real issue which was found by creating a virtual
> > (software based) malicious device and registering it as a HID device.
> >
> > There is nothing preventing a real attacker from creating a H/W
> > version of the device in order to instigate an out-of-bounds read,
> > potentially leading to a data leak.
> >
> > Would someone be kind enough to review please?
>
> AFAICT this patch has been applied by Jiri on the 25th of August already.

Ah, I missed his reply to the original patch.

> Is a review still needed in this case?

Certainly not. Thank you for your reply.

--
Lee Jones [李琼斯]
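
The check the quoted patch description calls for, modelled in userspace C as an added example (this is not the patch discussed in the thread and not kernel code). The `model_*` names, the structure layouts and the 64-byte payload size are simplified assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Simplified userspace stand-ins for the kernel's HID report structures
 * (assumed shapes for illustration only). */
#define MODEL_MAX_IDS 256

struct model_report {
    size_t len;                 /* report length in bytes, device-declared */
    unsigned char data[64];     /* payload the device supplied */
};

struct model_report_enum {
    /* A slot stays NULL when the device never declared that report ID. */
    struct model_report *report_id_hash[MODEL_MAX_IDS];
};

/* Copy feature report 0 into buf. Returns bytes copied or a negative errno. */
int model_recv_report(const struct model_report_enum *features,
                      unsigned char *buf, size_t size)
{
    const struct model_report *r = features->report_id_hash[0];

    /* The device decides whether this slot is populated, so validate the
     * pointer before reading r->len. Without this test, a device that
     * declares no Feature Report makes the length check below
     * dereference NULL. */
    if (!r)
        return -EINVAL;

    /* The declared length is untrusted too: bound it by the backing
     * storage and by the caller's buffer before copying. */
    if (r->len > sizeof(r->data) || r->len > size)
        return -EINVAL;

    memcpy(buf, r->data, r->len);
    return (int)r->len;
}
```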