tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MdeModulePkg/XhciDxe:Fix usb desc length check logic 

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Feng Tian <feng.tian@intel.com>
Reviewed-by: Evgeny Yakovlev <insoreiges@gmail.com>
This commit is contained in:
Feng Tian 2016-06-15 10:29:45 +08:00
parent f89f1dbe52
commit fd5d2dd2f5
1 changed files with 32 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
MdeModulePkg/Bus/Pci/XhciDxe/XhciSched.c
View File

@ -2596,6 +2596,11 @@ XhcInitializeEndpointContext (
EpDesc = (USB_ENDPOINT_DESCRIPTOR *)((UINTN)EpDesc + EpDesc->Length);
}
if (EpDesc->Length < sizeof (USB_ENDPOINT_DESCRIPTOR)) {
EpDesc = (USB_ENDPOINT_DESCRIPTOR *)((UINTN)EpDesc + EpDesc->Length);
continue;
}
EpAddr = (UINT8)(EpDesc->EndpointAddress & 0x0F);
Direction = (UINT8)((EpDesc->EndpointAddress & 0x80) ? EfiUsbDataIn : EfiUsbDataOut);
@ -2759,6 +2764,11 @@ XhcInitializeEndpointContext64 (
EpDesc = (USB_ENDPOINT_DESCRIPTOR *)((UINTN)EpDesc + EpDesc->Length);
}
if (EpDesc->Length < sizeof (USB_ENDPOINT_DESCRIPTOR)) {
EpDesc = (USB_ENDPOINT_DESCRIPTOR *)((UINTN)EpDesc + EpDesc->Length);
continue;
}
EpAddr = (UINT8)(EpDesc->EndpointAddress & 0x0F);
Direction = (UINT8)((EpDesc->EndpointAddress & 0x80) ? EfiUsbDataIn : EfiUsbDataOut);
@ -2928,6 +2938,11 @@ XhcSetConfigCmd (
IfDesc = (USB_INTERFACE_DESCRIPTOR *)((UINTN)IfDesc + IfDesc->Length);
}
if (IfDesc->Length < sizeof (USB_INTERFACE_DESCRIPTOR)) {
IfDesc = (USB_INTERFACE_DESCRIPTOR *)((UINTN)IfDesc + IfDesc->Length);
continue;
}
Dci = XhcInitializeEndpointContext (Xhc, SlotId, DeviceSpeed, InputContext, IfDesc);
if (Dci > MaxDci) {
MaxDci = Dci;
@ -3013,6 +3028,11 @@ XhcSetConfigCmd64 (
IfDesc = (USB_INTERFACE_DESCRIPTOR *)((UINTN)IfDesc + IfDesc->Length);
}
if (IfDesc->Length < sizeof (USB_INTERFACE_DESCRIPTOR)) {
IfDesc = (USB_INTERFACE_DESCRIPTOR *)((UINTN)IfDesc + IfDesc->Length);
continue;
}
Dci = XhcInitializeEndpointContext64 (Xhc, SlotId, DeviceSpeed, InputContext, IfDesc);
if (Dci > MaxDci) {
MaxDci = Dci;
@ -3261,7 +3281,7 @@ XhcSetInterface (
IfDesc = (USB_INTERFACE_DESCRIPTOR *)(ConfigDesc + 1);
while ((UINTN) IfDesc < ((UINTN) ConfigDesc + ConfigDesc->TotalLength)) {
if (IfDesc->DescriptorType == USB_DESC_TYPE_INTERFACE) {
if ((IfDesc->DescriptorType == USB_DESC_TYPE_INTERFACE) && (IfDesc->Length >= sizeof (USB_INTERFACE_DESCRIPTOR))) {
if (IfDesc->InterfaceNumber == (UINT8) Request->Index) {
if (IfDesc->AlternateSetting == Xhc->UsbDevContext[SlotId].ActiveAlternateSetting[IfDesc->InterfaceNumber]) {
//
@ -3301,6 +3321,11 @@ XhcSetInterface (
EpDesc = (USB_ENDPOINT_DESCRIPTOR *)((UINTN)EpDesc + EpDesc->Length);
}
if (EpDesc->Length < sizeof (USB_ENDPOINT_DESCRIPTOR)) {
EpDesc = (USB_ENDPOINT_DESCRIPTOR *)((UINTN)EpDesc + EpDesc->Length);
continue;
}
EpAddr = (UINT8) (EpDesc->EndpointAddress & 0x0F);
Direction = (UINT8) ((EpDesc->EndpointAddress & 0x80) ? EfiUsbDataIn : EfiUsbDataOut);
@ -3458,7 +3483,7 @@ XhcSetInterface64 (
IfDesc = (USB_INTERFACE_DESCRIPTOR *)(ConfigDesc + 1);
while ((UINTN) IfDesc < ((UINTN) ConfigDesc + ConfigDesc->TotalLength)) {
if (IfDesc->DescriptorType == USB_DESC_TYPE_INTERFACE) {
if ((IfDesc->DescriptorType == USB_DESC_TYPE_INTERFACE) && (IfDesc->Length >= sizeof (USB_INTERFACE_DESCRIPTOR))) {
if (IfDesc->InterfaceNumber == (UINT8) Request->Index) {
if (IfDesc->AlternateSetting == Xhc->UsbDevContext[SlotId].ActiveAlternateSetting[IfDesc->InterfaceNumber]) {
//
@ -3498,6 +3523,11 @@ XhcSetInterface64 (
EpDesc = (USB_ENDPOINT_DESCRIPTOR *)((UINTN)EpDesc + EpDesc->Length);
}
if (EpDesc->Length < sizeof (USB_ENDPOINT_DESCRIPTOR)) {
EpDesc = (USB_ENDPOINT_DESCRIPTOR *)((UINTN)EpDesc + EpDesc->Length);
continue;
}
EpAddr = (UINT8) (EpDesc->EndpointAddress & 0x0F);
Direction = (UINT8) ((EpDesc->EndpointAddress & 0x80) ? EfiUsbDataIn : EfiUsbDataOut);