Fixed short length for usb io control return.

author akallabeth <akallabeth@posteo.net>

Thu, 13 Aug 2020 11:51:38 +0000 (13:51 +0200)

committer akallabeth <akallabeth@users.noreply.github.com>

Tue, 1 Dec 2020 14:10:23 +0000 (15:10 +0100)
author akallabeth <akallabeth@posteo.net>
Thu, 13 Aug 2020 11:51:38 +0000 (13:51 +0200)
committer akallabeth <akallabeth@users.noreply.github.com>
Tue, 1 Dec 2020 14:10:23 +0000 (15:10 +0100)
diff --git a/channels/urbdrc/client/data_transfer.c b/channels/urbdrc/client/data_transfer.c

index d67c33c..f33b0f3 100644 (file)
--- a/channels/urbdrc/client/data_transfer.c
+++ b/channels/urbdrc/client/data_transfer.c
@@ -242,7 +242,7 @@ static UINT urbdrc_process_io_control(IUDEVICE* pdev, URBDRC_CHANNEL_CALLBACK* c
         Stream_Read_UINT32(s, OutputBufferSize);
         Stream_Read_UINT32(s, RequestId);
         InterfaceId = ((STREAM_ID_PROXY << 30) | pdev->get_ReqCompletion(pdev));
-       out = urb_create_iocompletion(InterfaceId, MessageId, RequestId, OutputBufferSize);
+       out = urb_create_iocompletion(InterfaceId, MessageId, RequestId, OutputBufferSize + 4);
  
         if (!out)
                 return ERROR_OUTOFMEMORY;
@@ -266,7 +266,11 @@ static UINT urbdrc_process_io_control(IUDEVICE* pdev, URBDRC_CHANNEL_CALLBACK* c
  
                         if (success)
                         {
-                               Stream_Seek(out, OutputBufferSize);
+                               if (!Stream_SafeSeek(out, OutputBufferSize))
+                               {
+                                       Stream_Free(out, TRUE);
+                                       return ERROR_INVALID_DATA;
+                               }
  
                                 if (pdev->isExist(pdev) == 0)
                                         Stream_Write_UINT32(out, 0);
author	akallabeth <akallabeth@posteo.net>
	Thu, 13 Aug 2020 11:51:38 +0000 (13:51 +0200)
committer	akallabeth <akallabeth@users.noreply.github.com>
	Tue, 1 Dec 2020 14:10:23 +0000 (15:10 +0100)