ExternalVendorCode/genode
1
0
Fork 0
mirror of https://github.com/genodelabs/genode.git synced 2025-01-18 18:56:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

lx_emul: validate USB endpoint and settings param

Browse Source 
to avoid pagefaults and general protection faults on access to unpaged memory
regions.

Fixes #4596
This commit is contained in:
Alexander Boettcher 2022-08-30 11:07:47 +02:00 committed by Christian Helmuth
parent b888c95024
commit 354667bb6d
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
repos/dde_linux/src/lib/lx_emul/usb.c
View File

@ -129,7 +129,7 @@ static int interface_descriptor(genode_usb_bus_num_t bus,
{ {
struct usb_interface * iface = interface(bus, dev, index); struct usb_interface * iface = interface(bus, dev, index);
if (!iface) if (!iface || setting >= iface->num_altsetting)
return -1; return -1;
memcpy(buf, &iface->altsetting[setting].desc, memcpy(buf, &iface->altsetting[setting].desc,
@ -148,7 +148,7 @@ static int interface_extra(genode_usb_bus_num_t bus,
struct usb_interface * iface = interface(bus, dev, index); struct usb_interface * iface = interface(bus, dev, index);
unsigned long len; unsigned long len;
if (!iface) if (!iface || setting >= iface->num_altsetting)
return -1; return -1;
len = min((unsigned long)iface->altsetting[setting].extralen, size); len = min((unsigned long)iface->altsetting[setting].extralen, size);
@ -173,9 +173,13 @@ static int endpoint_descriptor(genode_usb_bus_num_t bus,
if (!iface) if (!iface)
return -2; return -2;
if (setting >= iface->num_altsetting ||
endp >= iface->altsetting[setting].desc.bNumEndpoints)
return -3;
ep = &iface->altsetting[setting].endpoint[endp]; ep = &iface->altsetting[setting].endpoint[endp];
if (!ep) if (!ep)
return -3; return -4;
memcpy(buf, &ep->desc, memcpy(buf, &ep->desc,
min(sizeof(struct usb_endpoint_descriptor), size)); min(sizeof(struct usb_endpoint_descriptor), size));