[Spice-devel] [PATCH spice-gtk v2 11/33] fixup! usb-redir: add files for SCSI and USB MSC implementation

[Frediano Ziglio]

Filter cmd_len bits, specifications state it's a 5 bit field

Although higher bits of the byte are reserved and should be zero
filter them out.
Also accept 16 as length.
---
 src/cd-usb-bulk-msd.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/cd-usb-bulk-msd.c b/src/cd-usb-bulk-msd.c
index cb0ad91c..49e01eb6 100644
--- a/src/cd-usb-bulk-msd.c
+++ b/src/cd-usb-bulk-msd.c
@@ -271,8 +271,9 @@ static int parse_usb_msd_cmd(UsbCdBulkMsdDevice *cd, uint8_t *buf, uint32_t cbw_
         SPICE_ERROR("CMD: Bad CBW signature:%08x", le32toh(cbw->sig));
         return -1;
     }
-    if (cbw->cmd_len < 1 || cbw->cmd_len >= 16) {
-        SPICE_ERROR("CMD: Bad CBW command len:%08x", cbw->cmd_len);
+    const uint8_t cmd_len = cbw->cmd_len & 0x1F;
+    if (cmd_len < 1 || cmd_len > 16) {
+        SPICE_ERROR("CMD: Bad CBW command len:%08x", cmd_len);
         return -1;
     }
 
@@ -297,7 +298,7 @@ static int parse_usb_msd_cmd(UsbCdBulkMsdDevice *cd, uint8_t *buf, uint32_t cbw_
         scsi_req->buf_len = 0;
     }
 
-    scsi_req->cdb_len = cbw->cmd_len;
+    scsi_req->cdb_len = cmd_len;
     g_assert(scsi_req->cdb_len <= sizeof(scsi_req->cdb));
     memcpy(scsi_req->cdb, cbw->cmd, scsi_req->cdb_len);
 
-- 
2.20.1