git: 0b62641d0d61 - stable/13 - usbhid(4): Be more restrictive about what requests are allowed from user-space.

From: Vladimir Kondratyev <wulf_at_FreeBSD.org>
Date: Sat, 24 Dec 2022 08:37:03 UTC
The branch stable/13 has been updated by wulf:

URL: https://cgit.FreeBSD.org/src/commit/?id=0b62641d0d617eb783c4d7f7457d0f6bc48a6bd0

commit 0b62641d0d617eb783c4d7f7457d0f6bc48a6bd0
Author:     Hans Petter Selasky <hselasky@FreeBSD.org>
AuthorDate: 2022-03-03 09:24:02 +0000
Commit:     Vladimir Kondratyev <wulf@FreeBSD.org>
CommitDate: 2022-12-24 08:33:27 +0000

    usbhid(4): Be more restrictive about what requests are allowed from user-space.
    
    (cherry picked from commit fcca9fd98ce40d586e3b0147ba880b9104589269)
---
 sys/dev/usb/input/usbhid.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/sys/dev/usb/input/usbhid.c b/sys/dev/usb/input/usbhid.c
index ed76f6291a11..3b7886f0fada 100644
--- a/sys/dev/usb/input/usbhid.c
+++ b/sys/dev/usb/input/usbhid.c
@@ -69,6 +69,7 @@ __FBSDID("$FreeBSD$");
 #include <dev/usb/usbhid.h>
 #include <dev/usb/usb_core.h>
 #include <dev/usb/usb_ioctl.h>
+#include <dev/usb/usb_util.h>
 
 #define	USB_DEBUG_VAR usbhid_debug
 #include <dev/usb/usb_debug.h>
@@ -694,7 +695,9 @@ usbhid_ioctl(device_t dev, unsigned long cmd, uintptr_t data)
 		    sc, USBHID_CTRL_DT, UGETW(req.ctrl.wLength));
 		if (error)
 			break;
-
+		error = usb_check_request(sc->sc_udev, &req.ctrl);
+		if (error)
+			break;
 		error = usbhid_sync_xfer(
 		    sc, USBHID_CTRL_DT, &req, ucr->ucr_data);
 		if (error == 0)
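Review bot: The new `usb_check_request(sc->sc_udev, &req.ctrl)` call ahead of `usbhid_sync_xfer()` carries no comment saying which user-supplied control requests it refuses, and the commit message only says "more restrictive". A one-line comment above the call naming the class of requests being filtered would help anyone debugging an ioctl that starts failing after this change. On failure the code breaks out with whatever `usb_check_request()` returned, so it is worth confirming that the value lets user space tell a rejected request apart from a failed transfer. As a style point, the hunk removes the blank line that separated the preceding check from the transfer; keeping a blank line before `error = usbhid_sync_xfer(` would preserve the visual grouping of validation steps versus the transfer itself.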