diff options
| -rw-r--r-- | Demos/Device/LowLevel/MassStorage/MassStorage.c | 2 | ||||
| -rw-r--r-- | LUFA/Drivers/USB/Class/Device/MassStorage.c | 2 |
2 files changed, 4 insertions, 0 deletions
diff --git a/Demos/Device/LowLevel/MassStorage/MassStorage.c b/Demos/Device/LowLevel/MassStorage/MassStorage.c index ebb8e5c48..2c80fc595 100644 --- a/Demos/Device/LowLevel/MassStorage/MassStorage.c +++ b/Demos/Device/LowLevel/MassStorage/MassStorage.c @@ -256,6 +256,8 @@ static bool ReadInCommandBlock(void) /* Verify the command block - abort if invalid */
if ((CommandBlock.Signature != CBW_SIGNATURE) ||
(CommandBlock.LUN >= TOTAL_LUNS) ||
+ (CommandBlock.Flags & 0x1F) ||
+ (CommandBlock.SCSICommandLength == 0) ||
(CommandBlock.SCSICommandLength > MAX_SCSI_COMMAND_LENGTH))
{
/* Stall both data pipes until reset by host */
diff --git a/LUFA/Drivers/USB/Class/Device/MassStorage.c b/LUFA/Drivers/USB/Class/Device/MassStorage.c index ceb4b9647..f7f3fd9f2 100644 --- a/LUFA/Drivers/USB/Class/Device/MassStorage.c +++ b/LUFA/Drivers/USB/Class/Device/MassStorage.c @@ -149,6 +149,8 @@ static bool MS_Device_ReadInCommandBlock(USB_ClassInfo_MS_Device_t* const MSInte if ((MSInterfaceInfo->State.CommandBlock.Signature != MS_CBW_SIGNATURE) ||
(MSInterfaceInfo->State.CommandBlock.LUN >= MSInterfaceInfo->Config.TotalLUNs) ||
+ (MSInterfaceInfo->State.CommandBlock.Flags & 0x1F) ||
+ (MSInterfaceInfo->State.CommandBlock.SCSICommandLength == 0) ||
(MSInterfaceInfo->State.CommandBlock.SCSICommandLength > 16))
{
Endpoint_StallTransaction();
|