From d0db78432fc02bacbd57cc9f15eb05b4e56981cb Mon Sep 17 00:00:00 2001 From: Dean Camera Date: Tue, 21 Jul 2009 04:46:48 +0000 Subject: [PATCH] Add extra tests to the MassStorage device demo and class driver for validating command blocks from the host. --- Demos/Device/LowLevel/MassStorage/MassStorage.c | 2 ++ LUFA/Drivers/USB/Class/Device/MassStorage.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/Demos/Device/LowLevel/MassStorage/MassStorage.c b/Demos/Device/LowLevel/MassStorage/MassStorage.c index ebb8e5c484..2c80fc595e 100644 --- a/Demos/Device/LowLevel/MassStorage/MassStorage.c +++ b/Demos/Device/LowLevel/MassStorage/MassStorage.c @@ -256,6 +256,8 @@ static bool ReadInCommandBlock(void) /* Verify the command block - abort if invalid */ if ((CommandBlock.Signature != CBW_SIGNATURE) || (CommandBlock.LUN >= TOTAL_LUNS) || + (CommandBlock.Flags & 0x1F) || + (CommandBlock.SCSICommandLength == 0) || (CommandBlock.SCSICommandLength > MAX_SCSI_COMMAND_LENGTH)) { /* Stall both data pipes until reset by host */ diff --git a/LUFA/Drivers/USB/Class/Device/MassStorage.c b/LUFA/Drivers/USB/Class/Device/MassStorage.c index ceb4b9647d..f7f3fd9f23 100644 --- a/LUFA/Drivers/USB/Class/Device/MassStorage.c +++ b/LUFA/Drivers/USB/Class/Device/MassStorage.c @@ -149,6 +149,8 @@ static bool MS_Device_ReadInCommandBlock(USB_ClassInfo_MS_Device_t* const MSInte if ((MSInterfaceInfo->State.CommandBlock.Signature != MS_CBW_SIGNATURE) || (MSInterfaceInfo->State.CommandBlock.LUN >= MSInterfaceInfo->Config.TotalLUNs) || + (MSInterfaceInfo->State.CommandBlock.Flags & 0x1F) || + (MSInterfaceInfo->State.CommandBlock.SCSICommandLength == 0) || (MSInterfaceInfo->State.CommandBlock.SCSICommandLength > 16)) { Endpoint_StallTransaction();