usd: Check validation of set_line_coding packet size.

To prevent vulnerable memory allocation of set_line_conding packet,
check validation of set_line_coding packet size value.

Change-Id: I0db4860477769622a79d4b0b6d18d3518c795d59
Signed-off-by: Dongwoo Lee <dwoo08.lee@samsung.com>

diff --git a/src/usb.c b/src/usb.c
index 8de12e4..03bcada 100644 (file)
--- a/src/usb.c
+++ b/src/usb.c
@@ -252,6 +252,9 @@ static void *ep0_handler(void *data)
                                        int value = __le16_to_cpu(ctrl->wLength);
                                        char *buf;
 
+                                       if (value != sizeof(struct usb_cdc_line_coding))
+                                               goto err;
+
                                        buf = malloc(value);
                                        if (!buf)
                                                goto err;