Commit 0aeebc73 authored by Gerd Hoffmann's avatar Gerd Hoffmann
Browse files

usb-ccid: better bulk_out error handling 



Add err goto label where we can jump to from all error conditions.
STALL request on all errors.  Reset position on all errors.

Normal request processing is not in a else branch any more, so this code
is reintended, there are no code changes in that part of the code
though.

Signed-off-by: default avatarGerd Hoffmann <kraxel@redhat.com>
Reviewed-by: default avatarMarc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 1487250819-23764-2-git-send-email-kraxel@redhat.com
parent 558ff1b6

hw/usb/dev-smartcard-reader.c

+61 −55
Original line number Diff line number Diff line
@@ -1001,8 +1001,7 @@ static void ccid_handle_bulk_out(USBCCIDState *s, USBPacket *p) 
    CCID_Header *ccid_header;



    if (p->iov.size + s->bulk_out_pos > BULK_OUT_DATA_SIZE) {

        p->status = USB_RET_STALL;

        return;

        goto err;

    }

    ccid_header = (CCID_Header *)s->bulk_out_data;

    usb_packet_copy(p, s->bulk_out_data + s->bulk_out_pos, p->iov.size);
@@ -1017,7 +1016,9 @@ static void ccid_handle_bulk_out(USBCCIDState *s, USBPacket *p) 
        DPRINTF(s, 1,

                "%s: bad USB_TOKEN_OUT length, should be at least 10 bytes\n",

                __func__);

    } else {

        goto err;

    }



    DPRINTF(s, D_MORE_INFO, "%s %x %s\n", __func__,

            ccid_header->bMessageType,

            ccid_message_type_to_str(ccid_header->bMessageType));
@@ -1073,8 +1074,13 @@ static void ccid_handle_bulk_out(USBCCIDState *s, USBPacket *p) 
        ccid_write_slot_status(s, ccid_header);

        break;

    }

    }

    s->bulk_out_pos = 0;

    return;



err:

    p->status = USB_RET_STALL;

    s->bulk_out_pos = 0;

    return;

}



static void ccid_bulk_in_copy_to_guest(USBCCIDState *s, USBPacket *p)