From patchwork Fri Nov 26 18:13:20 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hans de Goede X-Patchwork-Id: 73212 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.gnu.org (lists.gnu.org [199.232.76.165]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by ozlabs.org (Postfix) with ESMTPS id 5EFA0B70D5 for ; Sat, 27 Nov 2010 05:11:58 +1100 (EST) Received: from localhost ([127.0.0.1]:43835 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1PM2m3-0005rz-Gu for incoming@patchwork.ozlabs.org; Fri, 26 Nov 2010 13:11:55 -0500 Received: from [140.186.70.92] (port=35692 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1PM2ky-0005ol-CQ for qemu-devel@nongnu.org; Fri, 26 Nov 2010 13:10:49 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1PM2kx-0002BS-5m for qemu-devel@nongnu.org; Fri, 26 Nov 2010 13:10:48 -0500 Received: from mx1.redhat.com ([209.132.183.28]:43632) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1PM2kw-0002BH-VA for qemu-devel@nongnu.org; Fri, 26 Nov 2010 13:10:47 -0500 Received: from int-mx10.intmail.prod.int.phx2.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id oAQIAjhK011179 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 26 Nov 2010 13:10:45 -0500 Received: from shalem.localdomain (vpn1-7-82.ams2.redhat.com [10.36.7.82]) by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id oAQIAcbU009779; Fri, 26 Nov 2010 13:10:43 -0500 From: Hans de Goede To: qemu-devel@nongnu.org Date: Fri, 26 Nov 2010 19:13:20 +0100 Message-Id: <1290795203-2597-4-git-send-email-hdegoede@redhat.com> In-Reply-To: <1290795203-2597-1-git-send-email-hdegoede@redhat.com> References: <1290795203-2597-1-git-send-email-hdegoede@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23 X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. Cc: spice-devel@lists.freedesktop.org, Gerd Hoffmann , Hans de Goede Subject: [Qemu-devel] [PATCH 4/7] usb-linux: Refuse packets for endpoints which are not in the usb descriptor X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org If an endpoint is not in the usb descriptor we've no idea what kind of endpoint it is and thus how to handle it, refuse packages in this case. Signed-off-by: Hans de Goede --- usb-linux.c | 13 +++++++++++++ 1 files changed, 13 insertions(+), 0 deletions(-) diff --git a/usb-linux.c b/usb-linux.c index 96aa1ed..8513ace 100644 --- a/usb-linux.c +++ b/usb-linux.c @@ -94,6 +94,7 @@ static int usb_fs_type; /* endpoint association data */ #define ISO_FRAME_DESC_PER_URB 32 #define ISO_URB_COUNT 3 +#define INVALID_EP_TYPE 255 typedef struct AsyncURB AsyncURB; @@ -168,6 +169,11 @@ static int is_isoc(USBHostDevice *s, int ep) return s->endp_table[ep - 1].type == USBDEVFS_URB_TYPE_ISO; } +static int is_valid(USBHostDevice *s, int ep) +{ + return s->endp_table[ep - 1].type != INVALID_EP_TYPE; +} + static int is_halted(USBHostDevice *s, int ep) { return s->endp_table[ep - 1].halted; @@ -610,6 +616,10 @@ static int usb_host_handle_data(USBHostDevice *s, USBPacket *p) int ret; uint8_t ep; + if (!is_valid(s, p->devep)) { + return USB_RET_NAK; + } + if (p->pid == USB_TOKEN_IN) { ep = p->devep | 0x80; } else { @@ -1070,6 +1080,9 @@ static int usb_linux_update_endp_table(USBHostDevice *s) uint8_t devep, type, configuration, alt_interface; int interface, length, i; + for (i = 0; i < MAX_ENDPOINTS; i++) + s->endp_table[i].type = INVALID_EP_TYPE; + i = usb_linux_get_configuration(s); if (i < 0) return 1;