From d0db78432fc02bacbd57cc9f15eb05b4e56981cb Mon Sep 17 00:00:00 2001
From: Dean Camera <dean@fourwalledcubicle.com>
Date: Tue, 21 Jul 2009 04:46:48 +0000
Subject: [PATCH] Add extra tests to the MassStorage device demo and class
 driver for validating command blocks from the host.

---
 Demos/Device/LowLevel/MassStorage/MassStorage.c | 2 ++
 LUFA/Drivers/USB/Class/Device/MassStorage.c     | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/Demos/Device/LowLevel/MassStorage/MassStorage.c b/Demos/Device/LowLevel/MassStorage/MassStorage.c
index ebb8e5c48..2c80fc595 100644
--- a/Demos/Device/LowLevel/MassStorage/MassStorage.c
+++ b/Demos/Device/LowLevel/MassStorage/MassStorage.c
@@ -256,6 +256,8 @@ static bool ReadInCommandBlock(void)
 	/* Verify the command block - abort if invalid */
 	if ((CommandBlock.Signature         != CBW_SIGNATURE) ||
 	    (CommandBlock.LUN               >= TOTAL_LUNS)    ||
+		(CommandBlock.Flags              & 0x1F)          ||
+		(CommandBlock.SCSICommandLength == 0)             ||
 		(CommandBlock.SCSICommandLength >  MAX_SCSI_COMMAND_LENGTH))
 	{
 		/* Stall both data pipes until reset by host */
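Review bot: The new flags test `(CommandBlock.Flags & 0x1F)` uses an unnamed mask that covers only bits 0-4, so a CBW with bit 5 or bit 6 set still passes validation. As I read the Bulk-Only Transport CBW layout, bit 7 of the flags byte is the direction and the host must send every lower bit as zero, which would make the check `(CommandBlock.Flags & 0x7F)`. Please confirm this against the spec before widening it. Either way, give the mask a name and a short comment such as `/* Reserved flag bits must be zero; only bit 7 (direction) is defined */`, so the next reader can tell which bits are meant to be rejected. The same mask appears in the class driver hunk in LUFA/Drivers/USB/Class/Device/MassStorage.c. ReadInCommandBlock starts and ends outside this hunk, so how the accepted length is used afterwards is not visible here.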
diff --git a/LUFA/Drivers/USB/Class/Device/MassStorage.c b/LUFA/Drivers/USB/Class/Device/MassStorage.c
index ceb4b9647..f7f3fd9f2 100644
--- a/LUFA/Drivers/USB/Class/Device/MassStorage.c
+++ b/LUFA/Drivers/USB/Class/Device/MassStorage.c
@@ -149,6 +149,8 @@ static bool MS_Device_ReadInCommandBlock(USB_ClassInfo_MS_Device_t* const MSInte
 
 	if ((MSInterfaceInfo->State.CommandBlock.Signature         != MS_CBW_SIGNATURE)                  ||
 	    (MSInterfaceInfo->State.CommandBlock.LUN               >= MSInterfaceInfo->Config.TotalLUNs) ||
+		(MSInterfaceInfo->State.CommandBlock.Flags              & 0x1F)                              ||
+		(MSInterfaceInfo->State.CommandBlock.SCSICommandLength == 0)                                 ||
 		(MSInterfaceInfo->State.CommandBlock.SCSICommandLength >  16))
 	{
 		Endpoint_StallTransaction();
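Review bot: This validation block has no comment, and the upper bound on SCSICommandLength is a bare `16`, whereas the demo's copy of the same check uses `MAX_SCSI_COMMAND_LENGTH` under a "Verify the command block" comment. If the length later sizes the read of the command bytes (not visible in this hunk), the literal has to match the destination array's size, so tying both to one named constant keeps the bound from drifting. I would add `/* Reject malformed CBWs: bad signature, LUN out of range, reserved flag bits set, or command length outside 1..16 */` above the `if`. MS_Device_ReadInCommandBlock starts and ends outside this hunk.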
-- 
GitLab