[Spice-devel] [PATCH usbredir v2] usbredirserver: reject empty vendorid in cmd line
Chen Hanxiao
chen_han_xiao at 126.com
Tue Nov 28 12:15:42 UTC 2017
At 2017-11-28 19:38:10, "Frediano Ziglio" <fziglio at redhat.com> wrote:
>>
>> From: Chen Hanxiao <chenhanxiao at gmail.com>
>>
>> Vendor ID 0000 is not a valid ID [1]
>> But we could pass it from cmd:
>> usbredirserver :abcd
>> Which will cause a 0000 vendor id.
>> Also check the range of them.
>>
>> This patch will check this senario.
>>
>> [1]: http://www.linux-usb.org/usb.ids
>>
>> Signed-off-by: Chen Hanxiao <chenhanxiao at gmail.com>
>> ---
>> v2:
>> add range check of vid/pid
>>
>> usbredirserver/usbredirserver.c | 6 ++++--
>> 1 file changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/usbredirserver/usbredirserver.c
>> b/usbredirserver/usbredirserver.c
>> index 5a4adc5..4e418bb 100644
>> --- a/usbredirserver/usbredirserver.c
>> +++ b/usbredirserver/usbredirserver.c
>> @@ -259,11 +259,13 @@ int main(int argc, char *argv[])
>> invalid_usb_device_id(argv[optind], argv[0]);
>> }
>> usbvendor = strtol(argv[optind], &endptr, 16);
>> - if (*endptr != ':') {
>> + if (*endptr != ':' || usbvendor <= 0
>> + || usbvendor > 0xffff) {
>> invalid_usb_device_id(argv[optind], argv[0]);
>> }
>> usbproduct = strtol(delim + 1, &endptr, 16);
>> - if (*endptr != '\0') {
>> + if (*endptr != '\0' || usbproduct <= 0
>> + || usbproduct > 0xffff) {
>> invalid_usb_device_id(argv[optind], argv[0]);
>> }
>> }
>
>Sorry, forget to check before, apparently some companies uses
>0000 for the product, for instance:
>
>03ee Mitsumi
> 0000 CD-R/RW Drive
>...
>403 Future Technology Devices International, Ltd
> 0000 H4SMK 7 Port Hub / Bricked Counterfeit FT232 Serial (UART) IC
>
Sorry for my copy-paste...
I've done this in v1.
Will be fixed in v2.1
Regards,
- Chen
More information about the Spice-devel
mailing list