tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MdeModulePkg/UsbBus: Stop parsing descriptor if some of descriptor fields are invalid. 

Signed-off-by: Feng Tian <feng.tian@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14863 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Feng Tian 2013-11-19 06:17:34 +00:00 committed by erictian
parent 0b10bb6f43
commit 4de9d87647
1 changed files with 20 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
MdeModulePkg/Bus/Usb/UsbBusDxe/UsbDesc.c
View File

@ -142,15 +142,15 @@ UsbFreeDevDesc (
VOID * VOID *
UsbCreateDesc ( UsbCreateDesc (
IN UINT8 *DescBuf, IN UINT8 *DescBuf,
IN INTN Len, IN UINTN Len,
IN UINT8 Type, IN UINT8 Type,
OUT INTN *Consumed OUT UINTN *Consumed
) )
{ {
USB_DESC_HEAD *Head; USB_DESC_HEAD *Head;
INTN DescLen; UINTN DescLen;
INTN CtrlLen; UINTN CtrlLen;
INTN Offset; UINTN Offset;
VOID *Desc; VOID *Desc;
DescLen = 0; DescLen = 0;
@ -188,7 +188,15 @@ UsbCreateDesc (
while ((Offset < Len) && (Head->Type != Type)) { while ((Offset < Len) && (Head->Type != Type)) {
Offset += Head->Len; Offset += Head->Len;
if (Len <= Offset) {
DEBUG (( EFI_D_ERROR, "UsbCreateDesc: met mal-format descriptor, Beyond boundary!\n"));
return NULL;
}
Head = (USB_DESC_HEAD*)(DescBuf + Offset); Head = (USB_DESC_HEAD*)(DescBuf + Offset);
if (Head->Len == 0) {
DEBUG (( EFI_D_ERROR, "UsbCreateDesc: met mal-format descriptor, Head->Len = 0!\n"));
return NULL;
}
} }
if ((Len <= Offset) || (Len < Offset + DescLen) || if ((Len <= Offset) || (Len < Offset + DescLen) ||
@ -223,16 +231,16 @@ UsbCreateDesc (
USB_INTERFACE_SETTING * USB_INTERFACE_SETTING *
UsbParseInterfaceDesc ( UsbParseInterfaceDesc (
IN UINT8 *DescBuf, IN UINT8 *DescBuf,
IN INTN Len, IN UINTN Len,
OUT INTN *Consumed OUT UINTN *Consumed
) )
{ {
USB_INTERFACE_SETTING *Setting; USB_INTERFACE_SETTING *Setting;
USB_ENDPOINT_DESC *Ep; USB_ENDPOINT_DESC *Ep;
UINTN Index; UINTN Index;
UINTN NumEp; UINTN NumEp;
INTN Used; UINTN Used;
INTN Offset; UINTN Offset;
*Consumed = 0; *Consumed = 0;
Setting = UsbCreateDesc (DescBuf, Len, USB_DESC_TYPE_INTERFACE, &Used); Setting = UsbCreateDesc (DescBuf, Len, USB_DESC_TYPE_INTERFACE, &Used);
@ -265,7 +273,7 @@ UsbParseInterfaceDesc (
// //
// Create the endpoints for this interface // Create the endpoints for this interface
// //
for (Index = 0; Index < NumEp; Index++) { for (Index = 0; (Index < NumEp) && (Offset < Len); Index++) {
Ep = UsbCreateDesc (DescBuf + Offset, Len - Offset, USB_DESC_TYPE_ENDPOINT, &Used); Ep = UsbCreateDesc (DescBuf + Offset, Len - Offset, USB_DESC_TYPE_ENDPOINT, &Used);
if (Ep == NULL) { if (Ep == NULL) {
@ -300,7 +308,7 @@ ON_ERROR:
USB_CONFIG_DESC * USB_CONFIG_DESC *
UsbParseConfigDesc ( UsbParseConfigDesc (
IN UINT8 *DescBuf, IN UINT8 *DescBuf,
IN INTN Len IN UINTN Len
) )
{ {
USB_CONFIG_DESC *Config; USB_CONFIG_DESC *Config;
@ -308,7 +316,7 @@ UsbParseConfigDesc (
USB_INTERFACE_DESC *Interface; USB_INTERFACE_DESC *Interface;
UINTN Index; UINTN Index;
UINTN NumIf; UINTN NumIf;
INTN Consumed; UINTN Consumed;
ASSERT (DescBuf != NULL); ASSERT (DescBuf != NULL);