diff options
author | Gerd Hoffmann <kraxel@redhat.com> | 2017-02-16 14:13:38 +0100 |
---|---|---|
committer | Gerd Hoffmann <kraxel@redhat.com> | 2017-02-21 08:11:43 +0100 |
commit | 7569c54642e8aa9fa03e250c7c578bd4d3747f00 (patch) | |
tree | befefc4d9168e9b7a674c30999befdb4b5ddd947 /hw/usb | |
parent | 0aeebc73b7976bae5cb7e9768e3d9a0fd9d634e8 (diff) | |
download | qemu-7569c54642e8aa9fa03e250c7c578bd4d3747f00.zip qemu-7569c54642e8aa9fa03e250c7c578bd4d3747f00.tar.gz qemu-7569c54642e8aa9fa03e250c7c578bd4d3747f00.tar.bz2 |
usb-ccid: move header size check
Move up header size check, so we can use header fields in sanity checks
(in followup patches). Also reword the debug message.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 1487250819-23764-3-git-send-email-kraxel@redhat.com
Diffstat (limited to 'hw/usb')
-rw-r--r-- | hw/usb/dev-smartcard-reader.c | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c index badcfcb..1acc1fb 100644 --- a/hw/usb/dev-smartcard-reader.c +++ b/hw/usb/dev-smartcard-reader.c @@ -1003,21 +1003,20 @@ static void ccid_handle_bulk_out(USBCCIDState *s, USBPacket *p) if (p->iov.size + s->bulk_out_pos > BULK_OUT_DATA_SIZE) { goto err; } - ccid_header = (CCID_Header *)s->bulk_out_data; usb_packet_copy(p, s->bulk_out_data + s->bulk_out_pos, p->iov.size); s->bulk_out_pos += p->iov.size; + if (s->bulk_out_pos < 10) { + DPRINTF(s, 1, "%s: header incomplete\n", __func__); + goto err; + } + + ccid_header = (CCID_Header *)s->bulk_out_data; if (p->iov.size == CCID_MAX_PACKET_SIZE) { DPRINTF(s, D_VERBOSE, "usb-ccid: bulk_in: expecting more packets (%zd/%d)\n", p->iov.size, ccid_header->dwLength); return; } - if (s->bulk_out_pos < 10) { - DPRINTF(s, 1, - "%s: bad USB_TOKEN_OUT length, should be at least 10 bytes\n", - __func__); - goto err; - } DPRINTF(s, D_MORE_INFO, "%s %x %s\n", __func__, ccid_header->bMessageType, |