git: fcca9fd98ce4 - main - usbhid(4): Be more restrictive about what requests are allowed from user-space.

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Hans Petter Selasky <hselasky_at_FreeBSD.org>
Date: Thu, 03 Mar 2022 09:25:48 UTC

The branch main has been updated by hselasky:

URL: https://cgit.FreeBSD.org/src/commit/?id=fcca9fd98ce40d586e3b0147ba880b9104589269

commit fcca9fd98ce40d586e3b0147ba880b9104589269
Author:     Hans Petter Selasky <hselasky@FreeBSD.org>
AuthorDate: 2022-03-03 09:24:02 +0000
Commit:     Hans Petter Selasky <hselasky@FreeBSD.org>
CommitDate: 2022-03-03 09:24:43 +0000

    usbhid(4): Be more restrictive about what requests are allowed from user-space.
    
    MFC after:      1 month
    Sponsored by:   NVIDIA Networking
---
 sys/dev/usb/input/usbhid.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/sys/dev/usb/input/usbhid.c b/sys/dev/usb/input/usbhid.c
index ed76f6291a11..3b7886f0fada 100644
--- a/sys/dev/usb/input/usbhid.c
+++ b/sys/dev/usb/input/usbhid.c
@@ -69,6 +69,7 @@ __FBSDID("$FreeBSD$");
 #include <dev/usb/usbhid.h>
 #include <dev/usb/usb_core.h>
 #include <dev/usb/usb_ioctl.h>
+#include <dev/usb/usb_util.h>
 
 #define	USB_DEBUG_VAR usbhid_debug
 #include <dev/usb/usb_debug.h>
@@ -694,7 +695,9 @@ usbhid_ioctl(device_t dev, unsigned long cmd, uintptr_t data)
 		    sc, USBHID_CTRL_DT, UGETW(req.ctrl.wLength));
 		if (error)
 			break;
-
+		error = usb_check_request(sc->sc_udev, &req.ctrl);
+		if (error)
+			break;
 		error = usbhid_sync_xfer(
 		    sc, USBHID_CTRL_DT, &req, ucr->ucr_data);
 		if (error == 0)