usb: Fix possible vulnerability

Since the return value of read operation is not checked properly,
it can be the target of attack by buffer overflows. To prevent this,
return values will be treated.

Change-Id: I702b64fb4f77b7cc507a519952c11f41813cf0a2
Signed-off-by: Dongwoo Lee <dwoo08.lee@samsung.com>

diff --git a/src/usb.c b/src/usb.c
index f7920bb..f927b01 100644 (file)
--- a/src/usb.c
+++ b/src/usb.c
@@ -210,6 +210,7 @@ static void *ep0_handler(void *data)
        struct usb_context *ctx = data;
        struct usb_functionfs_event evt;
        int ret, ep0 = ctx->eps[TFMFFS_EP0];
+       ssize_t sz;
 
        pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
 
@@ -238,7 +239,8 @@ static void *ep0_handler(void *data)
                                        if (!buf)
                                                goto err;
 
-                                       if (read(ep0, buf, value) < 0) {
+                                       sz = read(ep0, buf, value);
+                                       if (sz < 0) {
                                                free(buf);
                                                goto err;
                                        }
@@ -249,12 +251,14 @@ static void *ep0_handler(void *data)
                                {
                                        int buf;
 
-                                       if (read(ep0, &buf, sizeof(buf)) < 0)
+                                       sz = read(ep0, &buf, sizeof(buf));
+                                       if (sz < 0)
                                                goto err;
                                        break;
                                }
                                default:
-                                       if (read(ep0, NULL, 0) < 0)
+                                       sz = read(ep0, NULL, 0);
+                                       if (sz < 0)
                                                goto err;
                                }
                        }