summaryrefslogtreecommitdiffstats
path: root/sound
diff options
context:
space:
mode:
authorTakashi Iwai <tiwai@suse.de>2018-04-04 07:18:44 +0200
committerTakashi Iwai <tiwai@suse.de>2018-04-07 13:07:11 +0200
commitf5d76e9c40fd8791202d31c66a63f6f7ebbb8dcb (patch)
tree564bc879bdffa4aaaa01ec5f43b5b8d1f63a8ec1 /sound
parentf7645bd636d06f64f3eadb63cf1c8145219fdc58 (diff)
downloadlinux-stable-f5d76e9c40fd8791202d31c66a63f6f7ebbb8dcb.tar.gz
linux-stable-f5d76e9c40fd8791202d31c66a63f6f7ebbb8dcb.tar.bz2
linux-stable-f5d76e9c40fd8791202d31c66a63f6f7ebbb8dcb.zip
ALSA: usb-audio: More strict sanity checks for clock parsers
The sanity checks introduced for malformed descriptors loosely check the given descriptor size, although the size greater than the defined description is invalid. It was due to a concern of any funky firmware in the actual products. But this doesn't look hitting, and any sane products must have the defined descriptors. So in this patch, we make the validators more strict, allowing only with the defined descriptor sizes. The value in clock selector validator is corrected from 5 to 7 to count the two unlisted fields after baCSourceID[]. Suggested-by: Ruslan Bilovol <ruslan.bilovol@gmail.com> Reviewed-by: Ruslan Bilovol <ruslan.bilovol@gmail.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
Diffstat (limited to 'sound')
-rw-r--r--sound/usb/clock.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/sound/usb/clock.c b/sound/usb/clock.c
index 27c2275a2505..30cfd5b1bdfb 100644
--- a/sound/usb/clock.c
+++ b/sound/usb/clock.c
@@ -52,7 +52,7 @@ static void *find_uac_clock_desc(struct usb_host_interface *iface, int id,
static bool validate_clock_source_v2(void *p, int id)
{
struct uac_clock_source_descriptor *cs = p;
- return cs->bLength >= sizeof(*cs) && cs->bClockID == id;
+ return cs->bLength == sizeof(*cs) && cs->bClockID == id;
}
static bool validate_clock_source_v3(void *p, int id)
@@ -65,7 +65,7 @@ static bool validate_clock_selector_v2(void *p, int id)
{
struct uac_clock_selector_descriptor *cs = p;
return cs->bLength >= sizeof(*cs) && cs->bClockID == id &&
- cs->bLength >= 5 + cs->bNrInPins;
+ cs->bLength == 7 + cs->bNrInPins;
}
static bool validate_clock_selector_v3(void *p, int id)
@@ -77,7 +77,7 @@ static bool validate_clock_selector_v3(void *p, int id)
static bool validate_clock_multiplier_v2(void *p, int id)
{
struct uac_clock_multiplier_descriptor *cs = p;
- return cs->bLength >= sizeof(*cs) && cs->bClockID == id;
+ return cs->bLength == sizeof(*cs) && cs->bClockID == id;
}
static bool validate_clock_multiplier_v3(void *p, int id)