aboutsummaryrefslogtreecommitdiff
path: root/usb-linux.c
diff options
context:
space:
mode:
authorHans de Goede <hdegoede@redhat.com>2010-11-26 14:56:17 +0100
committerGerd Hoffmann <kraxel@redhat.com>2011-05-04 12:25:24 +0200
commita0b5fece8afe7deca08cbca97e2a4015d7f0038e (patch)
tree2561813e3caf7e7910dc712f5f18d1849c617904 /usb-linux.c
parent060dc841d117e2a2868ef50d0d30e01c90051a6f (diff)
downloadqemu-a0b5fece8afe7deca08cbca97e2a4015d7f0038e.zip
qemu-a0b5fece8afe7deca08cbca97e2a4015d7f0038e.tar.gz
qemu-a0b5fece8afe7deca08cbca97e2a4015d7f0038e.tar.bz2
usb-linux: Refuse packets for endpoints which are not in the usb descriptor
If an endpoint is not in the usb descriptor we've no idea what kind of endpoint it is and thus how to handle it, refuse packages in this case. Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Diffstat (limited to 'usb-linux.c')
-rw-r--r--usb-linux.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/usb-linux.c b/usb-linux.c
index a68603d..6aef7a5 100644
--- a/usb-linux.c
+++ b/usb-linux.c
@@ -94,6 +94,7 @@ static int usb_fs_type;
/* endpoint association data */
#define ISO_FRAME_DESC_PER_URB 32
#define ISO_URB_COUNT 3
+#define INVALID_EP_TYPE 255
typedef struct AsyncURB AsyncURB;
@@ -168,6 +169,11 @@ static int is_isoc(USBHostDevice *s, int ep)
return s->endp_table[ep - 1].type == USBDEVFS_URB_TYPE_ISO;
}
+static int is_valid(USBHostDevice *s, int ep)
+{
+ return s->endp_table[ep - 1].type != INVALID_EP_TYPE;
+}
+
static int is_halted(USBHostDevice *s, int ep)
{
return s->endp_table[ep - 1].halted;
@@ -611,6 +617,10 @@ static int usb_host_handle_data(USBHostDevice *s, USBPacket *p)
int ret;
uint8_t ep;
+ if (!is_valid(s, p->devep)) {
+ return USB_RET_NAK;
+ }
+
if (p->pid == USB_TOKEN_IN) {
ep = p->devep | 0x80;
} else {
@@ -1071,6 +1081,9 @@ static int usb_linux_update_endp_table(USBHostDevice *s)
uint8_t devep, type, configuration, alt_interface;
int interface, length, i;
+ for (i = 0; i < MAX_ENDPOINTS; i++)
+ s->endp_table[i].type = INVALID_EP_TYPE;
+
i = usb_linux_get_configuration(s);
if (i < 0)
return 1;