UsbBus: Deny when the string descriptor length is odd

Ruiyu Ni Mon, 15 Oct 2018 22:44:01 -0700

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <[email protected]>
Cc: Jiewen Yao <[email protected]>
Cc: Star Zeng <[email protected]>
---
 MdeModulePkg/Bus/Usb/UsbBusDxe/UsbDesc.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)


diff --git a/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbDesc.c 
b/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbDesc.c
index 9fc6422ab1..22b6a9d661 100644
--- a/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbDesc.c
+++ b/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbDesc.c
@@ -655,7 +655,13 @@ UsbGetOneString (
   //
   Status = UsbCtrlGetDesc (UsbDev, USB_DESC_TYPE_STRING, Index, LangId, &Desc, 
2);
 
-  if (EFI_ERROR (Status)) {
+  //
+  // Reject if Length even cannot cover itself, or odd because Unicode string 
byte length should be even.
+  //
+  if (EFI_ERROR (Status) || 
+      (Desc.Length < OFFSET_OF (EFI_USB_STRING_DESCRIPTOR, Length) + sizeof 
(Desc.Length)) ||
+      (Desc.Length % 2 != 0)
+    ) {
     return NULL;
   }
 
-- 
2.16.1.windows.1

_______________________________________________
edk2-devel mailing list
[email protected]
https://lists.01.org/mailman/listinfo/edk2-devel

[edk2] [PATCH v2 10/12] MdeModulePkg/UsbBus: Deny when the string descriptor length is odd

Reply via email to