From: miod Date: Thu, 30 Nov 2023 12:50:41 +0000 (+0000) Subject: Make sure we don't process garbage data as keypresses if the device sends a X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=7b53bb41f795d90ddabe9bd1c93f7a7f2d9603e5;p=openbsd Make sure we don't process garbage data as keypresses if the device sends a truncated report. --- diff --git a/sys/dev/hid/hidkbd.c b/sys/dev/hid/hidkbd.c index 5f14fa5763c..261e4e63db8 100644 --- a/sys/dev/hid/hidkbd.c +++ b/sys/dev/hid/hidkbd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hidkbd.c,v 1.10 2023/11/22 18:19:25 tobhe Exp $ */ +/* $OpenBSD: hidkbd.c,v 1.11 2023/11/30 12:50:41 miod Exp $ */ /* $NetBSD: ukbd.c,v 1.85 2003/03/11 16:44:00 augustss Exp $ */ /* @@ -421,8 +421,11 @@ hidkbd_input(struct hidkbd *kbd, uint8_t *data, u_int len) &kbd->sc_var[i].loc); /* extract keycodes */ - memcpy(ud->keycode, data + kbd->sc_keycodeloc.pos / 8, - kbd->sc_nkeycode); + if (kbd->sc_keycodeloc.pos / 8 + kbd->sc_nkeycode <= len) + memcpy(ud->keycode, data + kbd->sc_keycodeloc.pos / 8, + kbd->sc_nkeycode); + else + memset(ud->keycode, 0, kbd->sc_nkeycode); if (kbd->sc_debounce && !kbd->sc_polling) { /*