Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: cherry-pick b041159d06ad from chromium #37694

Merged
merged 2 commits into from
Mar 29, 2023
Merged

chore: cherry-pick b041159d06ad from chromium #37694

merged 2 commits into from
Mar 29, 2023

Conversation

ppontes
Copy link
Member

@ppontes ppontes commented Mar 24, 2023

[M-110] hid: Handle empty input reports

It's possible for a HID device to define its report descriptor such that
one or more reports have no data fields within the report. When receiving these reports, the report buffer should contain only the
report ID byte and no other data.

Ensure that we do not read past the end of the buffer when handling
zero-length input reports.

(cherry picked from commit c9d77da78bc66c135520ac77873d67b89cdcaee6)

Bug: 1419718
Change-Id: I51d32c20f6b16f0d2b0172e0a165469b6b79748c
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4296562
Reviewed-by: Reilly Grant reillyg@chromium.org
Commit-Queue: Matt Reynolds mattreynolds@chromium.org
Cr-Original-Commit-Position: refs/heads/main@{#1112009}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4320692
Commit-Queue: Reilly Grant reillyg@chromium.org
Auto-Submit: Matt Reynolds mattreynolds@chromium.org
Cr-Commit-Position: refs/branch-heads/5481@{#1341}
Cr-Branched-From: 130f3e4d850f4bc7387cfb8d08aa993d288a67a9-refs/heads/main@{#1084008}

Ref electron/security#304

Notes: Security: backported fix for CVE-2023-1529.

@ppontes ppontes requested a review from a team as a code owner March 24, 2023 09:03
@ppontes ppontes added security 🔒 semver/patch backwards-compatible bug fixes backport-check-skip Skip trop's backport validity checking 22-x-y labels Mar 24, 2023
@electron-cation electron-cation bot added new-pr 🌱 PR opened in the last 24 hours and removed new-pr 🌱 PR opened in the last 24 hours labels Mar 24, 2023
@ppontes ppontes force-pushed the cherry-pick/22-x-y/chromium/b041159d06ad branch from 4bed9f8 to 2b5d5de Compare March 28, 2023 10:05
ckerr
ckerr approved these changes Mar 28, 2023
View reviewed changes
Copy link
Member

@ckerr ckerr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like this is just the ~5 LOC change in hid_connection_impl and then a mountain of scaffolding to exercise the overflow case.

All LGTM. The new safeguard in hid_connection_impl is unambiguously safer.

@codebytere codebytere merged commit f557f99 into 22-x-y Mar 29, 2023
@codebytere codebytere deleted the cherry-pick/22-x-y/chromium/b041159d06ad branch March 29, 2023 10:14
@release-clerk
Copy link

release-clerk bot commented Mar 29, 2023

Release Notes Persisted

Security: backported fix for CVE-2023-1529.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ckerr ckerr ckerr approved these changes

Assignees
No one assigned
Labels
22-x-y backport-check-skip Skip trop's backport validity checking security 🔒 semver/patch backwards-compatible bug fixes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@ppontes @ckerr @codebytere