diff options
| author | Kevin O'Connor <kevin@koconnor.net> | 2018-09-30 15:37:55 -0400 |
|---|---|---|
| committer | Kevin O'Connor <kevin@koconnor.net> | 2018-09-30 22:32:19 -0400 |
| commit | c0311bee338a433295a56241f29c1acbf52f0930 (patch) | |
| tree | 3c701e16b611fe1a431de8045783ff959aca17aa | |
| parent | 93e489704413f2b58baba08a6e1c0823606e4cc5 (diff) | |
| download | kutter-c0311bee338a433295a56241f29c1acbf52f0930.tar.gz kutter-c0311bee338a433295a56241f29c1acbf52f0930.tar.xz kutter-c0311bee338a433295a56241f29c1acbf52f0930.zip | |
usb_cdc: Perform basic request validation
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
| -rw-r--r-- | src/generic/usb_cdc.c | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/src/generic/usb_cdc.c b/src/generic/usb_cdc.c index a87ab810..07b38d0e 100644 --- a/src/generic/usb_cdc.c +++ b/src/generic/usb_cdc.c @@ -355,7 +355,8 @@ usb_do_xfer(void *data, uint_fast8_t size, uint_fast8_t flags) static void usb_req_get_descriptor(struct usb_ctrlrequest *req) { - // XXX - validate req + if (req->bRequestType != USB_DIR_IN) + goto fail; uint_fast8_t i; for (i=0; i<ARRAY_SIZE(cdc_descriptors); i++) { const struct descriptor_s *d = &cdc_descriptors[i]; @@ -371,18 +372,27 @@ usb_req_get_descriptor(struct usb_ctrlrequest *req) return; } } +fail: usb_do_stall(); } static void usb_req_set_address(struct usb_ctrlrequest *req) { + if (req->bRequestType || req->wIndex || req->wLength) { + usb_do_stall(); + return; + } usb_set_address(req->wValue); } static void usb_req_set_configuration(struct usb_ctrlrequest *req) { + if (req->bRequestType || req->wValue != 1 || req->wIndex || req->wLength) { + usb_do_stall(); + return; + } usb_set_configure(); usb_notify_bulk_in(); usb_do_xfer(NULL, 0, UX_SEND); @@ -393,18 +403,32 @@ static struct usb_cdc_line_coding line_coding; static void usb_req_set_line_coding(struct usb_ctrlrequest *req) { + if (req->bRequestType != 0x21 || req->wValue || req->wIndex + || req->wLength != sizeof(line_coding)) { + usb_do_stall(); + return; + } usb_do_xfer(&line_coding, sizeof(line_coding), UX_READ); } static void usb_req_get_line_coding(struct usb_ctrlrequest *req) { + if (req->bRequestType != 0xa1 || req->wValue || req->wIndex + || req->wLength < sizeof(line_coding)) { + usb_do_stall(); + return; + } usb_do_xfer(&line_coding, sizeof(line_coding), UX_SEND); } static void usb_req_set_line(struct usb_ctrlrequest *req) { + if (req->bRequestType != 0x21 || req->wIndex || req->wLength) { + usb_do_stall(); + return; + } usb_do_xfer(NULL, 0, UX_SEND); } |