On 05/02/14(Wed) 00:39, Thomas Pfaff wrote: > [...] > > This diff simply remove the possibility to "unconfigure" a device by > > passing the magic value to usbd_set_config_no(). There's no code in > > our three that does that so it should be enough for the moment. > > Configuration 0 should be the "unconfigured state" though according to > the libusb documentation some devices (not following the specification) > actually have a configuration 0. Not sure if that'd be an issue here.
In this particular case it wouldn't be an issue since such device would have a valid (non negative) index for their configuration. But I'm quite sure such device would generate a lot of other problems (such as leaks, parsing errors, etc). Generally our stack do a poor job at validating/parsing what the hardware is sending. It would be certainly fun to plug malicious USB devices and watch... :) > Anyway, the patch below fixes the issue. Thanks again. It's in now, thanks for testing. > > > Index: usb_subr.c > > =================================================================== > > RCS file: /cvs/src/sys/dev/usb/usb_subr.c,v > > retrieving revision 1.96 > > diff -u -p -r1.96 usb_subr.c > > --- usb_subr.c 15 Jan 2014 11:10:40 -0000 1.96 > > +++ usb_subr.c 2 Feb 2014 17:05:43 -0000 > > @@ -604,9 +604,6 @@ usbd_set_config_no(struct usbd_device *d > > usb_config_descriptor_t cd; > > usbd_status err; > > > > - if (no == USB_UNCONFIG_NO) > > - return (usbd_set_config_index(dev, USB_UNCONFIG_INDEX, msg)); > > - > > DPRINTFN(5,("usbd_set_config_no: %d\n", no)); > > /* Figure out what config index to use. */ > > for (index = 0; index < dev->ddesc.bNumConfigurations; index++) {