diff options
| author | Todd Broch <tbroch@chromium.org> | 2015-01-23 17:36:40 -0800 |
|---|---|---|
| committer | ChromeOS Commit Bot <chromeos-commit-bot@chromium.org> | 2015-01-24 06:41:54 +0000 |
| commit | 0cefc2eeb5cd87cd42163379cfcf75d417b77f80 (patch) | |
| tree | d32c24503a323f0355fa296e3b0325009f138633 | |
| parent | d5a61288137b26c3fa4e52e0eb0ff621ffb36807 (diff) | |
| download | chrome-ec-0cefc2eeb5cd87cd42163379cfcf75d417b77f80.tar.gz | |
pd: Validate size of discover identity received by DFP.
Signed-off-by: Todd Broch <tbroch@chromium.org>
BRANCH=samus
BUG=chrome-os-partner:35859
TEST=manual, with CONFIG_CMD_USB_PD_PE and hoho in C1
> pe 1 dump
IDENT:
[ID Header] 6c0018d1 :: AMA, VID:18d1
[Cert Stat] 00000000
[2] 50100001 [3] 1100000b
SVID[0]: ff01 MODES: [1] 00000485
SVID[1]: 18d1 MODES: [1] 00000001
MODE[1]: svid:ff01 caps:00000485
Now see only the 2 additional product type VDOs (product, AMA)
Bits still make sense.
[2] 50100001 == 5010:Pid 0001:bcdDevice
[3] 1100000b == 1:hw vers 1:fw version
b:vbus req, USB 2.0 billboard only
Change-Id: Ie8fb74fa55a25ee760009d5a2858a62b0f696c92
Reviewed-on: https://chromium-review.googlesource.com/243080
Trybot-Ready: Todd Broch <tbroch@chromium.org>
Tested-by: Todd Broch <tbroch@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Commit-Queue: Todd Broch <tbroch@chromium.org>
| -rw-r--r-- | common/usb_pd_policy.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/common/usb_pd_policy.c b/common/usb_pd_policy.c index 6e5f32c3d5..60dd29e52d 100644 --- a/common/usb_pd_policy.c +++ b/common/usb_pd_policy.c @@ -191,11 +191,13 @@ void pd_dfp_pe_init(int port) pe[port].amode.index = -1; } -static void dfp_consume_identity(int port, uint32_t *payload) +static void dfp_consume_identity(int port, int cnt, uint32_t *payload) { int ptype = PD_IDH_PTYPE(payload[VDO_I(IDH)]); + size_t identity_size = MIN(sizeof(pe[port].identity), + (cnt - 1) * sizeof(uint32_t)); pd_dfp_pe_init(port); - memcpy(&pe[port].identity, payload + 1, sizeof(pe[port].identity)); + memcpy(&pe[port].identity, payload + 1, identity_size); switch (ptype) { case IDH_PTYPE_AMA: /* TODO(tbroch) do I disable VBUS here if power contract @@ -493,7 +495,7 @@ int pd_svdm(int port, int cnt, uint32_t *payload, uint32_t **rpayload) switch (cmd) { #ifdef CONFIG_USB_PD_ALT_MODE_DFP case CMD_DISCOVER_IDENT: - dfp_consume_identity(port, payload); + dfp_consume_identity(port, cnt, payload); rsize = dfp_discover_svids(port, payload); break; case CMD_DISCOVER_SVID: |