Correctly parse DFU interfaces with extra vendor-specific data

Fixes: https://github.com/hughsie/fwupd/issues/1152
2025-07-01 18:48:56 +00:00 · 2019-04-16 11:29:35 +01:00 · 2019-04-16 11:29:35 +01:00 · 8fada51919
commit 8fada51919
parent cce6a1cb5a
1 changed files with 5 additions and 11 deletions
--- a/plugins/dfu/dfu-device.c
+++ b/plugins/dfu/dfu-device.c
@ -200,7 +200,7 @@ static gboolean
 dfu_device_parse_iface_data (DfuDevice *device, GBytes *iface_data, GError **error)
 {
 	DfuDevicePrivate *priv = GET_PRIVATE (device);
-	DfuFuncDescriptor desc;
+	DfuFuncDescriptor desc = { 0x0 };
 	const guint8 *buf;
 	gsize sz;

@ -208,6 +208,10 @@ dfu_device_parse_iface_data (DfuDevice *device, GBytes *iface_data, GError **err
 	buf = g_bytes_get_data (iface_data, &sz);
 	if (sz == sizeof(DfuFuncDescriptor)) {
 		memcpy (&desc, buf, sz);
+	} else if (sz > sizeof(DfuFuncDescriptor)) {
+		g_debug ("DFU interface with %" G_GSIZE_FORMAT " bytes vendor data",
+			 sz - sizeof(DfuFuncDescriptor));
+		memcpy (&desc, buf, sizeof(DfuFuncDescriptor));
 	} else if (sz == sizeof(DfuFuncDescriptor) - 2) {
 		g_warning ("truncated DFU interface data, no bcdDFUVersion");
 		memcpy (&desc, buf, sz);
@ -227,16 +231,6 @@ dfu_device_parse_iface_data (DfuDevice *device, GBytes *iface_data, GError **err
 		return FALSE;
 	}

-	/* check sanity */
-	if (desc.bLength != sz) {
-		g_set_error (error,
-			     G_IO_ERROR,
-			     G_IO_ERROR_INVALID_DATA,
-			     "DFU interface data has incorrect length: 0x%02x",
-			     desc.bLength);
-		return FALSE;
-	}
-
 	/* get transfer size and version */
 	priv->transfer_size = GUINT16_FROM_LE (desc.wTransferSize);
 	priv->version = GUINT16_FROM_LE (desc.bcdDFUVersion);