diff options
author | Takashi Iwai <tiwai@suse.de> | 2018-04-04 07:18:44 +0200 |
---|---|---|
committer | Takashi Iwai <tiwai@suse.de> | 2018-04-07 13:07:11 +0200 |
commit | f5d76e9c40fd8791202d31c66a63f6f7ebbb8dcb (patch) | |
tree | 564bc879bdffa4aaaa01ec5f43b5b8d1f63a8ec1 /sound | |
parent | f7645bd636d06f64f3eadb63cf1c8145219fdc58 (diff) | |
download | linux-stable-f5d76e9c40fd8791202d31c66a63f6f7ebbb8dcb.tar.gz linux-stable-f5d76e9c40fd8791202d31c66a63f6f7ebbb8dcb.tar.bz2 linux-stable-f5d76e9c40fd8791202d31c66a63f6f7ebbb8dcb.zip |
ALSA: usb-audio: More strict sanity checks for clock parsers
The sanity checks introduced for malformed descriptors loosely check
the given descriptor size, although the size greater than the defined
description is invalid. It was due to a concern of any funky firmware
in the actual products. But this doesn't look hitting, and any sane
products must have the defined descriptors.
So in this patch, we make the validators more strict, allowing only
with the defined descriptor sizes. The value in clock selector
validator is corrected from 5 to 7 to count the two unlisted fields
after baCSourceID[].
Suggested-by: Ruslan Bilovol <ruslan.bilovol@gmail.com>
Reviewed-by: Ruslan Bilovol <ruslan.bilovol@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Diffstat (limited to 'sound')
-rw-r--r-- | sound/usb/clock.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sound/usb/clock.c b/sound/usb/clock.c index 27c2275a2505..30cfd5b1bdfb 100644 --- a/sound/usb/clock.c +++ b/sound/usb/clock.c @@ -52,7 +52,7 @@ static void *find_uac_clock_desc(struct usb_host_interface *iface, int id, static bool validate_clock_source_v2(void *p, int id) { struct uac_clock_source_descriptor *cs = p; - return cs->bLength >= sizeof(*cs) && cs->bClockID == id; + return cs->bLength == sizeof(*cs) && cs->bClockID == id; } static bool validate_clock_source_v3(void *p, int id) @@ -65,7 +65,7 @@ static bool validate_clock_selector_v2(void *p, int id) { struct uac_clock_selector_descriptor *cs = p; return cs->bLength >= sizeof(*cs) && cs->bClockID == id && - cs->bLength >= 5 + cs->bNrInPins; + cs->bLength == 7 + cs->bNrInPins; } static bool validate_clock_selector_v3(void *p, int id) @@ -77,7 +77,7 @@ static bool validate_clock_selector_v3(void *p, int id) static bool validate_clock_multiplier_v2(void *p, int id) { struct uac_clock_multiplier_descriptor *cs = p; - return cs->bLength >= sizeof(*cs) && cs->bClockID == id; + return cs->bLength == sizeof(*cs) && cs->bClockID == id; } static bool validate_clock_multiplier_v3(void *p, int id) |