SF.net SVN: edk2:[14863] trunk/edk2/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbDesc. c

Mon, 18 Nov 2013 22:18:44 -0800 

Revision: 14863
          http://sourceforge.net/p/edk2/code/14863
Author:   erictian
Date:     2013-11-19 06:17:34 +0000 (Tue, 19 Nov 2013)
Log Message:
-----------
MdeModulePkg/UsbBus: Stop parsing descriptor if some of descriptor fields are 
invalid.

Signed-off-by: Feng Tian <[email protected]>
Reviewed-by: Jiewen Yao <[email protected]>

Modified Paths:
--------------
    trunk/edk2/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbDesc.c

Modified: trunk/edk2/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbDesc.c
===================================================================
--- trunk/edk2/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbDesc.c 2013-11-19 05:52:10 UTC 
(rev 14862)
+++ trunk/edk2/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbDesc.c 2013-11-19 06:17:34 UTC 
(rev 14863)
@@ -142,15 +142,15 @@
 VOID *
 UsbCreateDesc (
   IN  UINT8               *DescBuf,
-  IN  INTN                Len,
+  IN  UINTN               Len,
   IN  UINT8               Type,
-  OUT INTN                *Consumed
+  OUT UINTN               *Consumed
   )
 {
   USB_DESC_HEAD           *Head;
-  INTN                    DescLen;
-  INTN                    CtrlLen;
-  INTN                    Offset;
+  UINTN                   DescLen;
+  UINTN                   CtrlLen;
+  UINTN                   Offset;
   VOID                    *Desc;
 
   DescLen   = 0;
@@ -188,7 +188,15 @@
 
   while ((Offset < Len) && (Head->Type != Type)) {
     Offset += Head->Len;
+    if (Len <= Offset) {
+      DEBUG (( EFI_D_ERROR, "UsbCreateDesc: met mal-format descriptor, Beyond 
boundary!\n"));
+      return NULL;
+    }
     Head    = (USB_DESC_HEAD*)(DescBuf + Offset);
+    if (Head->Len == 0) {
+      DEBUG (( EFI_D_ERROR, "UsbCreateDesc: met mal-format descriptor, 
Head->Len = 0!\n"));
+      return NULL;
+    }
   }
 
   if ((Len <= Offset)      || (Len < Offset + DescLen) ||
@@ -223,16 +231,16 @@
 USB_INTERFACE_SETTING *
 UsbParseInterfaceDesc (
   IN  UINT8               *DescBuf,
-  IN  INTN                Len,
-  OUT INTN                *Consumed
+  IN  UINTN               Len,
+  OUT UINTN               *Consumed
   )
 {
   USB_INTERFACE_SETTING   *Setting;
   USB_ENDPOINT_DESC       *Ep;
   UINTN                   Index;
   UINTN                   NumEp;
-  INTN                    Used;
-  INTN                    Offset;
+  UINTN                   Used;
+  UINTN                   Offset;
 
   *Consumed = 0;
   Setting   = UsbCreateDesc (DescBuf, Len, USB_DESC_TYPE_INTERFACE, &Used);
@@ -265,7 +273,7 @@
   //
   // Create the endpoints for this interface
   //
-  for (Index = 0; Index < NumEp; Index++) {
+  for (Index = 0; (Index < NumEp) && (Offset < Len); Index++) {
     Ep = UsbCreateDesc (DescBuf + Offset, Len - Offset, 
USB_DESC_TYPE_ENDPOINT, &Used);
 
     if (Ep == NULL) {
@@ -300,7 +308,7 @@
 USB_CONFIG_DESC *
 UsbParseConfigDesc (
   IN UINT8                *DescBuf,
-  IN INTN                 Len
+  IN UINTN                Len
   )
 {
   USB_CONFIG_DESC         *Config;
@@ -308,7 +316,7 @@
   USB_INTERFACE_DESC      *Interface;
   UINTN                   Index;
   UINTN                   NumIf;
-  INTN                    Consumed;
+  UINTN                   Consumed;
 
   ASSERT (DescBuf != NULL);
 

This was sent by the SourceForge.net collaborative development platform, the 
world's largest Open Source development site.


------------------------------------------------------------------------------
Shape the Mobile Experience: Free Subscription
Software experts and developers: Be at the forefront of tech innovation.
Intel(R) Software Adrenaline delivers strategic insight and game-changing 
conversations that shape the rapidly evolving mobile landscape. Sign up now. 
http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits

Reply via email to