On Thu, Apr 11, 2024 at 02:42:59PM +0200, Oliver Neukum wrote:
> We have to ignore the higher bits in bEndpointAddress
Mention that these bits are reserved. That's why we ought to ignore
them.
Also, this is not really an example of hardening; it's more like
future-proofing the code. The existing code will work fine with a
malicious device; your real concern is about possible changes to the
spec in the future.
> Signed-off-by: Oliver Neukum <oneukum@xxxxxxxx>
> ---
> drivers/usb/core/config.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/usb/core/config.c b/drivers/usb/core/config.c
> index 7f8d33f92ddb..c7056b123d46 100644
> --- a/drivers/usb/core/config.c
> +++ b/drivers/usb/core/config.c
> @@ -279,11 +279,11 @@ static int usb_parse_endpoint(struct device *ddev, int cfgno,
> goto skip_to_next_endpoint_or_interface_descriptor;
> }
>
> - i = d->bEndpointAddress & ~USB_ENDPOINT_DIR_MASK;
> - if (i >= 16 || i == 0) {
> + i = d->bEndpointAddress & 0x0f;
Use USB_ENDPOINT_NUMBER_MASK, not 0x0f.
> + if (i == 0) {
> dev_notice(ddev, "config %d interface %d altsetting %d has an "
> - "invalid endpoint with address 0x%X, skipping\n",
> - cfgno, inum, asnum, d->bEndpointAddress);
> + "invalid descriptor for the common control endpoint, skipping\n",
It would be clearer to say "endpoint 0" instead of "the common control
endpoint". (The spec uses that phrase; it doesn't mean this is the best
way of saying it.)
> + cfgno, inum, asnum);
> goto skip_to_next_endpoint_or_interface_descriptor;
> }
Otherwise this is okay.
Alan Stern
