projects
/
pub
/
lufa.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
AVRISP-MKII Clone: Add length checks to SPI Multi and XPROG read/write commands.
[pub/lufa.git]
/
LUFA
/
Drivers
/
USB
/
Class
/
Device
/
RNDISClassDevice.c
diff --git
a/LUFA/Drivers/USB/Class/Device/RNDISClassDevice.c
b/LUFA/Drivers/USB/Class/Device/RNDISClassDevice.c
index
0fb0982
..
cb96c5e
100644
(file)
--- a/
LUFA/Drivers/USB/Class/Device/RNDISClassDevice.c
+++ b/
LUFA/Drivers/USB/Class/Device/RNDISClassDevice.c
@@
-1,13
+1,13
@@
/*
LUFA Library
/*
LUFA Library
- Copyright (C) Dean Camera, 20
15
.
+ Copyright (C) Dean Camera, 20
21
.
dean [at] fourwalledcubicle [dot] com
www.lufa-lib.org
*/
/*
dean [at] fourwalledcubicle [dot] com
www.lufa-lib.org
*/
/*
- Copyright 20
15
Dean Camera (dean [at] fourwalledcubicle [dot] com)
+ Copyright 20
21
Dean Camera (dean [at] fourwalledcubicle [dot] com)
Permission to use, copy, modify, distribute, and sell this
software and its documentation for any purpose is hereby granted
Permission to use, copy, modify, distribute, and sell this
software and its documentation for any purpose is hereby granted
@@
-81,6
+81,9
@@
void RNDIS_Device_ProcessControlRequest(USB_ClassInfo_RNDIS_Device_t* const RNDI
case RNDIS_REQ_SendEncapsulatedCommand:
if (USB_ControlRequest.bmRequestType == (REQDIR_HOSTTODEVICE | REQTYPE_CLASS | REQREC_INTERFACE))
{
case RNDIS_REQ_SendEncapsulatedCommand:
if (USB_ControlRequest.bmRequestType == (REQDIR_HOSTTODEVICE | REQTYPE_CLASS | REQREC_INTERFACE))
{
+ if (USB_ControlRequest.wLength >= sizeof(RNDISInterfaceInfo->Config.MessageBuffer))
+ break;
+
Endpoint_ClearSETUP();
Endpoint_Read_Control_Stream_LE(RNDISInterfaceInfo->Config.MessageBuffer, USB_ControlRequest.wLength);
Endpoint_ClearIN();
Endpoint_ClearSETUP();
Endpoint_Read_Control_Stream_LE(RNDISInterfaceInfo->Config.MessageBuffer, USB_ControlRequest.wLength);
Endpoint_ClearIN();
projects / pub / lufa.git / blobdiff