Re: [PATCH 4/5] server: Add HID length and report to rawinput union.

Rémi Bernon rbernon@codeweavers.com writes:

@@ -3308,16 +3308,18 @@ DECL_HANDLER(get_rawinput_buffer) { struct message *msg = LIST_ENTRY( ptr, struct message, entry ); struct hardware_msg_data *data = msg->data;

•    data_size_t hid_size = data->rawinput.type != RIM_TYPEHID ? 0 : data->rawinput.hid.length;
  

•    data_size_t data_size = sizeof(*data) + hid_size;
  

You can't trust the length passed by the client.

@@ -408,9 +424,11 @@ static void dump_rawinput( const char *prefix, const union rawinput *rawinput ) rawinput->kbd.message, rawinput->kbd.vkey, rawinput->kbd.scan ); break; case RIM_TYPEHID:

•    fprintf( stderr, "%s{type=HID,device=%04x,param=%04x,page=%04hx,usage=%04hx}",
  

•    fprintf( stderr, "%s{type=HID,device=%04x,param=%04x,page=%04hx,usage=%04hx,length=%u",
              prefix, rawinput->hid.device, rawinput->hid.param, rawinput->hid.usage_page,
  

•             rawinput->hid.usage );
  

•             rawinput->hid.usage, rawinput->hid.length );
  

•    dump_varargs_bytes( ",report=", rawinput->hid.length );
  

Same here.