author | Hans de Goede <hdegoede@redhat.com> | 2010-11-26 14:56:17 +0100 |
---|---|---|
committer | Gerd Hoffmann <kraxel@redhat.com> | 2011-05-04 12:25:24 +0200 |
commit | a0b5fece8afe7deca08cbca97e2a4015d7f0038e (patch) | |
tree | 2561813e3caf7e7910dc712f5f18d1849c617904 /usb-linux.c | |
parent | 060dc841d117e2a2868ef50d0d30e01c90051a6f (diff) | |
usb-linux: Refuse packets for endpoints which are not in the usb descriptor
If an endpoint is not in the usb descriptor we've no idea what kind of
endpoint it is and thus how to handle it; refuse packets in this case.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Diffstat (limited to 'usb-linux.c')
-rw-r--r-- | usb-linux.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/usb-linux.c b/usb-linux.c
index a68603d..6aef7a5 100644
--- a/usb-linux.c
+++ b/usb-linux.c
@@ -94,6 +94,7 @@ static int usb_fs_type;
 /* endpoint association data */
 #define ISO_FRAME_DESC_PER_URB 32
 #define ISO_URB_COUNT 3
+#define INVALID_EP_TYPE 255
 typedef struct AsyncURB AsyncURB;
@@ -168,6 +169,11 @@ static int is_isoc(USBHostDevice *s, int ep)
 return s->endp_table[ep - 1].type == USBDEVFS_URB_TYPE_ISO;
 }
+static int is_valid(USBHostDevice *s, int ep)
+{
+ return s->endp_table[ep - 1].type != INVALID_EP_TYPE;
+}
+
 static int is_halted(USBHostDevice *s, int ep)
 {
 return s->endp_table[ep - 1].halted;
@@ -611,6 +617,10 @@ static int usb_host_handle_data(USBHostDevice *s, USBPacket *p)
 int ret;
 uint8_t ep;
+ if (!is_valid(s, p->devep)) {
+ return USB_RET_NAK;
+ }
+
 if (p->pid == USB_TOKEN_IN) {
 ep = p->devep | 0x80;
 } else {
@@ -1071,6 +1081,9 @@ static int usb_linux_update_endp_table(USBHostDevice *s)
 uint8_t devep, type, configuration, alt_interface;
 int interface, length, i;
+ for (i = 0; i < MAX_ENDPOINTS; i++)
+ s->endp_table[i].type = INVALID_EP_TYPE;
+
 i = usb_linux_get_configuration(s);
 if (i < 0)
 return 1; |
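Review bot: `is_valid()` indexes `s->endp_table[ep - 1]` with no range check, and the new call in `usb_host_handle_data()` passes `p->devep` to it before any other validation. That value comes from the guest's packet, so if a caller ever delivers `devep` 0 or a number above `MAX_ENDPOINTS`, the lookup reads outside the table. The neighbouring `is_isoc()` and `is_halted()` have the same shape, so the dispatcher presumably guarantees the range, but that is not visible in this diff. Because this helper is now the gate for every data packet, it should carry the bound itself: `return ep >= 1 && ep <= MAX_ENDPOINTS && s->endp_table[ep - 1].type != INVALID_EP_TYPE;`.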
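Review bot: `USB_RET_NAK` in the new guard at the top of `usb_host_handle_data()` reports a transient "not ready" condition, but an endpoint missing from the descriptor stays missing until the endpoint table is rebuilt. If the host-controller emulation retries NAKed transfers, a guest addressing such an endpoint would be retried indefinitely with nothing logged. Consider whether `USB_RET_STALL` fits a permanent refusal better, and add a debug trace on this path so refused packets are visible. At minimum a comment such as `/* endpoint not in descriptor: type unknown, refuse */` would record why the packet is dropped. The function body continues outside the hunk.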
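Review bot: Resetting the whole table before `usb_linux_get_configuration()` means the early `return 1` just below now leaves every endpoint marked `INVALID_EP_TYPE`, so all data packets are refused after a failed update. That fail-closed result looks intended, but it changes behaviour on the error paths and deserves a comment, e.g. `/* mark every endpoint unknown; entries are expected to be refilled from the descriptor below */`. The loop body should also be braced to match the braced `if` added in `usb_host_handle_data()`: `for (i = 0; i < MAX_ENDPOINTS; i++) { s->endp_table[i].type = INVALID_EP_TYPE; }`. The rest of the function is outside the hunk, so the later error returns cannot be checked here.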