Input: elan_i2c - validate firmware size before use

Ensure that the firmware file is large enough to contain the expected
number of pages and the signature (which resides at the end of the
firmware blob) before accessing them to prevent potential out-of-bounds
reads.

Cc: stable@vger.kernel.org
Link: https://patch.msgid.link/ae2dOgiFvXRm4BHo@google.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Dmitry Torokhov 2026-04-25 22:07:06 -07:00
parent 6cdc46b38c
commit 76b0d0baa9

@ -648,6 +648,11 @@ static ssize_t elan_sysfs_update_fw(struct device *dev,
return error;
}
if (fw->size < data->fw_signature_address + sizeof(signature)) {
dev_err(dev, "firmware file too small\n");
return -EBADF;
}
/* Firmware file must match signature data */
fw_signature = &fw->data[data->fw_signature_address];
if (memcmp(fw_signature, signature, sizeof(signature)) != 0) {
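Review bot: The new size check in elan_sysfs_update_fw() only bounds the signature read at `data->fw_signature_address`; the commit message also promises that the file is large enough for the expected number of pages, and nothing in this hunk compares `fw->size` against a page count. If that bound is enforced elsewhere, the message should say so; otherwise it belongs next to this check. The bare `return -EBADF;` also leaves the function at a point where `fw` is already in use, and the hunk does not show how it is released, so please confirm this path frees the firmware (automatic cleanup or an explicit release) rather than leaking it. Including `fw->size` and the required minimum in the `dev_err()` text would make a "firmware file too small" report easier to act on.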