On 31/08/15(Mon) 19:53, Grant Czajkowski wrote:
> Hi all,
>
> This patch adds the usb control request validity checks
> already present in ugen(4) to usb(4).
Committed, thanks!
> Index: usb.c
> ===================================================================
> RCS file: /cvs/src/sys/dev/usb/usb.c,v
> retrieving revision 1.107
> diff -u -p -r1.107 usb.c
> --- usb.c 14 Mar 2015 03:38:50 -0000 1.107
> +++ usb.c 31 Aug 2015 19:37:22 -0000
> @@ -622,7 +622,15 @@ usbioctl(dev_t devt, u_long cmd, caddr_t
> return (EBADF);
>
> DPRINTF(("usbioctl: USB_REQUEST addr=%d len=%d\n", addr, len));
> - if (len < 0 || len > 32768)
> + /* Avoid requests that would damage the bus integrity. */
> + if ((ur->ucr_request.bmRequestType == UT_WRITE_DEVICE &&
> + ur->ucr_request.bRequest == UR_SET_ADDRESS) ||
> + (ur->ucr_request.bmRequestType == UT_WRITE_DEVICE &&
> + ur->ucr_request.bRequest == UR_SET_CONFIG) ||
> + (ur->ucr_request.bmRequestType == UT_WRITE_INTERFACE &&
> + ur->ucr_request.bRequest == UR_SET_INTERFACE))
> + return (EINVAL);
> + if (len < 0 || len > 32767)
> return (EINVAL);
> if (addr < 0 || addr >= USB_MAX_DEVICES)
> return (EINVAL);
>
