From d2c6869e30bdbdf5841afbf4c58509efdb6d67e6 Mon Sep 17 00:00:00 2001
From: Johann Fischer <j.fischer@phytec.de>
Date: Fri, 5 Apr 2019 17:52:57 +0200
Subject: [PATCH] drivers: usb: check maximum packet size

Check maximum packet size (MPS) of an endpoint in usb_dc_kinetis
and usb_dc_native_posix drivers.

resolves #14957
resolves #14954

Signed-off-by: Johann Fischer <j.fischer@phytec.de>
---
 drivers/usb/device/usb_dc_kinetis.c      | 36 ++++++++++++++++++------
 drivers/usb/device/usb_dc_native_posix.c |  4 ++-
 2 files changed, 31 insertions(+), 9 deletions(-)

diff --git a/drivers/usb/device/usb_dc_kinetis.c b/drivers/usb/device/usb_dc_kinetis.c
index 686c1dced2..88113d36ca 100644
--- a/drivers/usb/device/usb_dc_kinetis.c
+++ b/drivers/usb/device/usb_dc_kinetis.c
@@ -276,14 +276,35 @@ int usb_dc_ep_check_cap(const struct usb_dc_ep_cfg_data * const cfg)
 {
 	u8_t ep_idx = EP_ADDR2IDX(cfg->ep_addr);
 
-	if ((cfg->ep_type == USB_DC_EP_CONTROL) && ep_idx) {
-		LOG_ERR("invalid endpoint configuration");
-		return -1;
-	}
-
 	if (ep_idx > (NUM_OF_EP_MAX - 1)) {
 		LOG_ERR("endpoint index/address out of range");
-		return -1;
+		return -EINVAL;
+	}
+
+	switch (cfg->ep_type) {
+	case USB_DC_EP_CONTROL:
+		if (cfg->ep_mps > USB_MAX_CTRL_MPS) {
+			return -EINVAL;
+		}
+		return 0;
+	case USB_DC_EP_BULK:
+		if (cfg->ep_mps > USB_MAX_FS_BULK_MPS) {
+			return -EINVAL;
+		}
+		break;
+	case USB_DC_EP_INTERRUPT:
+		if (cfg->ep_mps > USB_MAX_FS_INT_MPS) {
+			return -EINVAL;
+		}
+		break;
+	case USB_DC_EP_ISOCHRONOUS:
+		if (cfg->ep_mps > USB_MAX_FS_ISO_MPS) {
+			return -EINVAL;
+		}
+		break;
+	default:
+		LOG_ERR("Unknown endpoint type!");
+		return -EINVAL;
 	}
 
 	if (ep_idx & BIT(0)) {
@@ -309,8 +330,7 @@ int usb_dc_ep_configure(const struct usb_dc_ep_cfg_data * const cfg)
 	struct k_mem_block *block;
 	struct usb_ep_ctrl_data *ep_ctrl = &dev_data.ep_ctrl[ep_idx];
 
-	if (ep_idx > (NUM_OF_EP_MAX - 1)) {
-		LOG_ERR("Wrong endpoint index/address");
+	if (usb_dc_ep_check_cap(cfg)) {
 		return -EINVAL;
 	}
 
diff --git a/drivers/usb/device/usb_dc_native_posix.c b/drivers/usb/device/usb_dc_native_posix.c
index 452508291b..4106b8a3a1 100644
--- a/drivers/usb/device/usb_dc_native_posix.c
+++ b/drivers/usb/device/usb_dc_native_posix.c
@@ -192,7 +192,9 @@ int usb_dc_ep_configure(const struct usb_dc_ep_cfg_data * const cfg)
 	u8_t ep = cfg->ep_addr;
 	u8_t ep_idx = USBIP_EP_ADDR2IDX(ep);
 
-	LOG_DBG("ep %x, mps %d, type %d", ep, ep_mps, cfg->ep_type);
+	if (usb_dc_ep_check_cap(cfg)) {
+		return -EINVAL;
+	}
 
 	if (!usbip_ctrl.attached && !usbip_ep_is_valid(ep)) {
 		return -EINVAL;