From 27d2a2fd844ec7da70d19fabb482304fd1e0595b Mon Sep 17 00:00:00 2001

From: Pietro Borrello <borrello@diag.uniroma1.it>

Date: Sun, 12 Feb 2023 19:00:00 +0000

Subject: [PATCH] HID: bigben_worker() remove unneeded check on report_field

Git-commit: 27d2a2fd844ec7da70d19fabb482304fd1e0595b

Patch-mainline: v6.3-rc1

References: CVE-2023-25012 bsc#1207560

bigben_worker() checks report_field to be non-NULL.

The check has been added in commit

918aa1ef104d ("HID: bigbenff: prevent null pointer dereference")

to prevent a NULL pointer crash.

However, the true root cause was a missing check for output

reports, patched in commit

c7bf714f8755 ("HID: check empty report_list in bigben_probe()"),

where the type-confused report list_entry was overlapping with

a NULL pointer, which was then causing the crash.

Fixes: 918aa1ef104d ("HID: bigbenff: prevent null pointer dereference")

Signed-off-by: Pietro Borrello <borrello@diag.uniroma1.it>

Link: https://lore.kernel.org/r/20230125-hid-unregister-leds-v4-2-7860c5763c38@diag.uniroma1.it

Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>

Acked-by: Takashi Iwai <tiwai@suse.de>

---

 drivers/hid/hid-bigbenff.c | 2 +-

 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/hid/hid-bigbenff.c b/drivers/hid/hid-bigbenff.c

index ed3d2d7bc1dd..b98c5f31c184 100644

--- a/drivers/hid/hid-bigbenff.c

+++ b/drivers/hid/hid-bigbenff.c

@@ -197,7 +197,7 @@ static void bigben_worker(struct work_struct *work)

 	u32 len;

 	unsigned long flags;

-	if (bigben->removed || !report_field)

+	if (bigben->removed)

 		return;

 	buf = hid_alloc_report_buf(bigben->report, GFP_KERNEL);

-- 

2.35.3