[Spice-devel] [PATCH usbredir v3] usbredirserver: reject empty vendorid in cmd line
Frediano Ziglio
fziglio at redhat.com
Wed Nov 29 11:13:27 UTC 2017
>
> From: Chen Hanxiao <chenhanxiao at gmail.com>
>
> Vendor ID 0000 is not a valid ID [1]
> But we could pass it from cmd:
> usbredirserver :abcd
> Which will get a 0000 vendor ID.
>
> or
> usbredirserver 0000:87abcd
> will get an ID > 0xffff
>
>
> This patch will check this senario.
>
> [1]: http://www.linux-usb.org/usb.ids
>
> Signed-off-by: Chen Hanxiao <chenhanxiao at gmail.com>
Acked-by: Frediano Ziglio <fziglio at redhat.com>
> ---
> v3:
> fix a bad code style
> v2.1:
> fix a copy-paste error
> v2:
> add range check of vid/pid
>
> usbredirserver/usbredirserver.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/usbredirserver/usbredirserver.c
> b/usbredirserver/usbredirserver.c
> index 5a4adc5..5575181 100644
> --- a/usbredirserver/usbredirserver.c
> +++ b/usbredirserver/usbredirserver.c
> @@ -259,11 +259,12 @@ int main(int argc, char *argv[])
> invalid_usb_device_id(argv[optind], argv[0]);
> }
> usbvendor = strtol(argv[optind], &endptr, 16);
> - if (*endptr != ':') {
> + if (*endptr != ':' || usbvendor <= 0 || usbvendor > 0xffff) {
> invalid_usb_device_id(argv[optind], argv[0]);
> }
> usbproduct = strtol(delim + 1, &endptr, 16);
> - if (*endptr != '\0') {
> + /* Product ID 0000 is valid */
> + if (*endptr != '\0' || usbproduct < 0 || usbproduct > 0xffff) {
> invalid_usb_device_id(argv[optind], argv[0]);
> }
> }
Thanks,
Frediano
More information about the Spice-devel
mailing list