HID: fix incorrent length condition in hidraw_write() The bound check on the buffer length if (count > HID_MIN_BUFFER_SIZE) is of course incorrent, the proper check is if (count > HID_MAX_BUFFER_SIZE) Fix it. Reported-by: Jerry Ryle <jerry@mindtribe.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>

commit: 2b107d629dc0c35de606bb7b010b829cd247a93a [log] [tgz]
author: Jiri Kosina <jkosina@suse.cz> Wed Sep 17 19:41:58 2008 +0200
committer: Jiri Kosina <jkosina@suse.cz> Tue Oct 14 23:51:00 2008 +0200
tree: c287d509c0a16a2c7d30b00d413a8a3b81e5188a
parent: d92870ddd248e8c2562a8c4047885d3ad221ece7 [diff]
diff --git a/drivers/hid/hidraw.c b/drivers/hid/hidraw.c
index 4be240e..497e0d1 100644
--- a/drivers/hid/hidraw.c
+++ b/drivers/hid/hidraw.c

@@ -113,7 +113,7 @@
 	if (!dev->hid_output_raw_report)
 		return -ENODEV;
 
-	if (count > HID_MIN_BUFFER_SIZE) {
+	if (count > HID_MAX_BUFFER_SIZE) {
 		printk(KERN_WARNING "hidraw: pid %d passed too large report\n",
 				task_pid_nr(current));
 		return -EINVAL;
commit	2b107d629dc0c35de606bb7b010b829cd247a93a	[log] [tgz]
author	Jiri Kosina <jkosina@suse.cz>	Wed Sep 17 19:41:58 2008 +0200
committer	Jiri Kosina <jkosina@suse.cz>	Tue Oct 14 23:51:00 2008 +0200
tree	c287d509c0a16a2c7d30b00d413a8a3b81e5188a
parent	d92870ddd248e8c2562a8c4047885d3ad221ece7 [diff]