diff --git a/src/generic/usb_cdc.c b/src/generic/usb_cdc.c index a87ab810..07b38d0e 100644 --- a/src/generic/usb_cdc.c +++ b/src/generic/usb_cdc.c @@ -355,7 +355,8 @@ usb_do_xfer(void *data, uint_fast8_t size, uint_fast8_t flags) static void usb_req_get_descriptor(struct usb_ctrlrequest *req) { - // XXX - validate req + if (req->bRequestType != USB_DIR_IN) + goto fail; uint_fast8_t i; for (i=0; ibRequestType || req->wIndex || req->wLength) { + usb_do_stall(); + return; + } usb_set_address(req->wValue); } static void usb_req_set_configuration(struct usb_ctrlrequest *req) { + if (req->bRequestType || req->wValue != 1 || req->wIndex || req->wLength) { + usb_do_stall(); + return; + } usb_set_configure(); usb_notify_bulk_in(); usb_do_xfer(NULL, 0, UX_SEND); @@ -393,18 +403,32 @@ static struct usb_cdc_line_coding line_coding; static void usb_req_set_line_coding(struct usb_ctrlrequest *req) { + if (req->bRequestType != 0x21 || req->wValue || req->wIndex + || req->wLength != sizeof(line_coding)) { + usb_do_stall(); + return; + } usb_do_xfer(&line_coding, sizeof(line_coding), UX_READ); } static void usb_req_get_line_coding(struct usb_ctrlrequest *req) { + if (req->bRequestType != 0xa1 || req->wValue || req->wIndex + || req->wLength < sizeof(line_coding)) { + usb_do_stall(); + return; + } usb_do_xfer(&line_coding, sizeof(line_coding), UX_SEND); } static void usb_req_set_line(struct usb_ctrlrequest *req) { + if (req->bRequestType != 0x21 || req->wIndex || req->wLength) { + usb_do_stall(); + return; + } usb_do_xfer(NULL, 0, UX_SEND); }