Manage Usb Descriptor List\r
\r
Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials\r
-are licensed and made available under the terms and conditions of the BSD License\r
-which accompanies this distribution. The full text of the license may be found at\r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
}\r
\r
//\r
- // Total length is too small that cannot hold the single descriptor header plus data. \r
+ // Total length is too small that cannot hold the single descriptor header plus data.\r
//\r
if (Len <= sizeof (USB_DESC_HEAD)) {\r
DEBUG ((DEBUG_ERROR, "UsbCreateDesc: met mal-format descriptor, total length = %d!\n", Len));\r
//\r
if (Len < Offset) {\r
DEBUG ((DEBUG_ERROR, "UsbCreateDesc: met mal-format descriptor, Offset/Len = %d/%d!\n", Offset, Len));\r
+ return NULL;\r
}\r
\r
if ((Head->Type != Type) || (Head->Len < DescLen)) {\r
//\r
Status = UsbCtrlGetDesc (UsbDev, USB_DESC_TYPE_STRING, Index, LangId, &Desc, 2);\r
\r
- if (EFI_ERROR (Status)) {\r
+ //\r
+ // Reject if Length even cannot cover itself, or odd because Unicode string byte length should be even.\r
+ //\r
+ if (EFI_ERROR (Status) ||\r
+ (Desc.Length < OFFSET_OF (EFI_USB_STRING_DESCRIPTOR, Length) + sizeof (Desc.Length)) ||\r
+ (Desc.Length % 2 != 0)\r
+ ) {\r
return NULL;\r
}\r
\r