diff options
author | Feng Tian <feng.tian@intel.com> | 2016-06-15 10:29:45 +0800 |
---|---|---|
committer | Feng Tian <feng.tian@intel.com> | 2016-06-29 10:37:22 +0800 |
commit | fd5d2dd2f55eedb3cf6001cc00587020c90411f5 (patch) | |
tree | 1decdd11b7f304c141fa0844ecf7974e17ef5f7d /MdeModulePkg/Bus | |
parent | f89f1dbe5205f7bb7878a9e8b9149d3a6a894104 (diff) | |
download | edk2-platforms-fd5d2dd2f55eedb3cf6001cc00587020c90411f5.tar.xz |
MdeModulePkg/XhciDxe:Fix usb desc length check logic
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Feng Tian <feng.tian@intel.com>
Reviewed-by: Evgeny Yakovlev <insoreiges@gmail.com>
Diffstat (limited to 'MdeModulePkg/Bus')
-rw-r--r-- | MdeModulePkg/Bus/Pci/XhciDxe/XhciSched.c | 34 |
1 files changed, 32 insertions, 2 deletions
diff --git a/MdeModulePkg/Bus/Pci/XhciDxe/XhciSched.c b/MdeModulePkg/Bus/Pci/XhciDxe/XhciSched.c index c25342dc1f..1130b6aac1 100644 --- a/MdeModulePkg/Bus/Pci/XhciDxe/XhciSched.c +++ b/MdeModulePkg/Bus/Pci/XhciDxe/XhciSched.c @@ -2596,6 +2596,11 @@ XhcInitializeEndpointContext ( EpDesc = (USB_ENDPOINT_DESCRIPTOR *)((UINTN)EpDesc + EpDesc->Length);
}
+ if (EpDesc->Length < sizeof (USB_ENDPOINT_DESCRIPTOR)) {
+ EpDesc = (USB_ENDPOINT_DESCRIPTOR *)((UINTN)EpDesc + EpDesc->Length);
+ continue;
+ }
+
EpAddr = (UINT8)(EpDesc->EndpointAddress & 0x0F);
Direction = (UINT8)((EpDesc->EndpointAddress & 0x80) ? EfiUsbDataIn : EfiUsbDataOut);
@@ -2759,6 +2764,11 @@ XhcInitializeEndpointContext64 ( EpDesc = (USB_ENDPOINT_DESCRIPTOR *)((UINTN)EpDesc + EpDesc->Length);
}
+ if (EpDesc->Length < sizeof (USB_ENDPOINT_DESCRIPTOR)) {
+ EpDesc = (USB_ENDPOINT_DESCRIPTOR *)((UINTN)EpDesc + EpDesc->Length);
+ continue;
+ }
+
EpAddr = (UINT8)(EpDesc->EndpointAddress & 0x0F);
Direction = (UINT8)((EpDesc->EndpointAddress & 0x80) ? EfiUsbDataIn : EfiUsbDataOut);
@@ -2928,6 +2938,11 @@ XhcSetConfigCmd ( IfDesc = (USB_INTERFACE_DESCRIPTOR *)((UINTN)IfDesc + IfDesc->Length);
}
+ if (IfDesc->Length < sizeof (USB_INTERFACE_DESCRIPTOR)) {
+ IfDesc = (USB_INTERFACE_DESCRIPTOR *)((UINTN)IfDesc + IfDesc->Length);
+ continue;
+ }
+
Dci = XhcInitializeEndpointContext (Xhc, SlotId, DeviceSpeed, InputContext, IfDesc);
if (Dci > MaxDci) {
MaxDci = Dci;
@@ -3013,6 +3028,11 @@ XhcSetConfigCmd64 ( IfDesc = (USB_INTERFACE_DESCRIPTOR *)((UINTN)IfDesc + IfDesc->Length);
}
+ if (IfDesc->Length < sizeof (USB_INTERFACE_DESCRIPTOR)) {
+ IfDesc = (USB_INTERFACE_DESCRIPTOR *)((UINTN)IfDesc + IfDesc->Length);
+ continue;
+ }
+
Dci = XhcInitializeEndpointContext64 (Xhc, SlotId, DeviceSpeed, InputContext, IfDesc);
if (Dci > MaxDci) {
MaxDci = Dci;
@@ -3261,7 +3281,7 @@ XhcSetInterface ( IfDesc = (USB_INTERFACE_DESCRIPTOR *)(ConfigDesc + 1);
while ((UINTN) IfDesc < ((UINTN) ConfigDesc + ConfigDesc->TotalLength)) {
- if (IfDesc->DescriptorType == USB_DESC_TYPE_INTERFACE) {
+ if ((IfDesc->DescriptorType == USB_DESC_TYPE_INTERFACE) && (IfDesc->Length >= sizeof (USB_INTERFACE_DESCRIPTOR))) {
if (IfDesc->InterfaceNumber == (UINT8) Request->Index) {
if (IfDesc->AlternateSetting == Xhc->UsbDevContext[SlotId].ActiveAlternateSetting[IfDesc->InterfaceNumber]) {
//
@@ -3301,6 +3321,11 @@ XhcSetInterface ( EpDesc = (USB_ENDPOINT_DESCRIPTOR *)((UINTN)EpDesc + EpDesc->Length);
}
+ if (EpDesc->Length < sizeof (USB_ENDPOINT_DESCRIPTOR)) {
+ EpDesc = (USB_ENDPOINT_DESCRIPTOR *)((UINTN)EpDesc + EpDesc->Length);
+ continue;
+ }
+
EpAddr = (UINT8) (EpDesc->EndpointAddress & 0x0F);
Direction = (UINT8) ((EpDesc->EndpointAddress & 0x80) ? EfiUsbDataIn : EfiUsbDataOut);
@@ -3458,7 +3483,7 @@ XhcSetInterface64 ( IfDesc = (USB_INTERFACE_DESCRIPTOR *)(ConfigDesc + 1);
while ((UINTN) IfDesc < ((UINTN) ConfigDesc + ConfigDesc->TotalLength)) {
- if (IfDesc->DescriptorType == USB_DESC_TYPE_INTERFACE) {
+ if ((IfDesc->DescriptorType == USB_DESC_TYPE_INTERFACE) && (IfDesc->Length >= sizeof (USB_INTERFACE_DESCRIPTOR))) {
if (IfDesc->InterfaceNumber == (UINT8) Request->Index) {
if (IfDesc->AlternateSetting == Xhc->UsbDevContext[SlotId].ActiveAlternateSetting[IfDesc->InterfaceNumber]) {
//
@@ -3498,6 +3523,11 @@ XhcSetInterface64 ( EpDesc = (USB_ENDPOINT_DESCRIPTOR *)((UINTN)EpDesc + EpDesc->Length);
}
+ if (EpDesc->Length < sizeof (USB_ENDPOINT_DESCRIPTOR)) {
+ EpDesc = (USB_ENDPOINT_DESCRIPTOR *)((UINTN)EpDesc + EpDesc->Length);
+ continue;
+ }
+
EpAddr = (UINT8) (EpDesc->EndpointAddress & 0x0F);
Direction = (UINT8) ((EpDesc->EndpointAddress & 0x80) ? EfiUsbDataIn : EfiUsbDataOut);
|