tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MdeModulePkg/UsbKb: Don't access key codes when length is wrong 

Per USB HID spec, the buffer holding key codes should be 8-byte
long.
Today's code assumes that the key codes buffer length is 8-byte
long and unconditionally accesses the key codes buffer.
It's incorrect.
The patch fixes the issue by returning Device Error when the
length is less than 8-byte.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Steven Shi <steven.shi@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
This commit is contained in:
Ruiyu Ni 2018-09-13 15:49:23 +08:00
parent 4d2b506631
commit 8bcbe587e7
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
MdeModulePkg/Bus/Usb/UsbKbDxe/KeyBoard.c
View File

@ -1059,6 +1059,10 @@ KeyboardHandler (
// Byte 1 is reserved. // Byte 1 is reserved.
// Bytes 2 to 7 are keycodes. // Bytes 2 to 7 are keycodes.
// //
if (DataLength < 8) {
return EFI_DEVICE_ERROR;
}
CurKeyCodeBuffer = (UINT8 *) Data; CurKeyCodeBuffer = (UINT8 *) Data;
OldKeyCodeBuffer = UsbKeyboardDevice->LastKeyCodeArray; OldKeyCodeBuffer = UsbKeyboardDevice->LastKeyCodeArray;