From f665eaad5fb038762fcf4de7b950362e23647aa2 Mon Sep 17 00:00:00 2001
From: y21 <30553356+y21@users.noreply.github.com>
Date: Thu, 1 May 2025 23:55:29 +0200
Subject: [PATCH] Check buffer out and size in HID_USBv5/USB_VEN GetVersion Ioctl
---
 Source/Core/Core/IOS/USB/USBV5.cpp | 16 ++++++++++++++++
 Source/Core/Core/IOS/USB/USBV5.h | 1 +
 Source/Core/Core/IOS/USB/USB_HID/HIDv5.cpp | 8 +-------
 Source/Core/Core/IOS/USB/USB_VEN/VEN.cpp | 8 +-------
 4 files changed, 19 insertions(+), 14 deletions(-)
diff --git a/Source/Core/Core/IOS/USB/USBV5.cpp b/Source/Core/Core/IOS/USB/USBV5.cpp
index e43e59dfaf..afc29a252a 100644
--- a/Source/Core/Core/IOS/USB/USBV5.cpp
+++ b/Source/Core/Core/IOS/USB/USBV5.cpp
@@ -204,6 +204,22 @@ std::optional USBV5ResourceManager::HandleDeviceIOCtl(const IOCtlReque
 return handler(*device);
 }
+IPCReply USBV5ResourceManager::GetUSBVersion(const IOCtlRequest& request) const
+{
+ static constexpr u32 VERSION = 0x50001;
+
+ if (request.buffer_in != 0 || request.buffer_in_size != 0 || request.buffer_out == 0 ||
+ request.buffer_out_size != 0x20)
+ {
+ return IPCReply(IPC_EINVAL);
+ }
+
+ auto& system = GetSystem();
+ auto& memory = system.GetMemory();
+ memory.Write_U32(VERSION, request.buffer_out);
+ return IPCReply(IPC_SUCCESS);
+}
+
 void USBV5ResourceManager::OnDeviceChange(const ChangeEvent event, std::shared_ptr device)
 {
diff --git a/Source/Core/Core/IOS/USB/USBV5.h b/Source/Core/Core/IOS/USB/USBV5.h
index 8c722ff723..059092c1a9 100644
--- a/Source/Core/Core/IOS/USB/USBV5.h
+++ b/Source/Core/Core/IOS/USB/USBV5.h
@@ -83,6 +83,7 @@ protected:
 using Handler = std::function(USBV5Device&)>;
 std::optional HandleDeviceIOCtl(const IOCtlRequest& request, Handler handler);
+ IPCReply GetUSBVersion(const IOCtlRequest& request) const;
 void OnDeviceChange(ChangeEvent event, std::shared_ptr device) override;
 void OnDeviceChangeEnd() override;
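Review bot: The guard in `GetUSBVersion` (USBV5.cpp hunk) establishes only that `request.buffer_out` is non-zero and that the guest declared a size of 0x20; the address itself is still guest-controlled and reaches `memory.Write_U32(VERSION, request.buffer_out)` with no range check visible in this hunk. Whether `Write_U32` tolerates an unmapped or out-of-range guest address is not shown here, so that should be confirmed and stated in a comment on the write. The bare `0x20` would also read better with a name or a comment such as `// GETVERSION takes no input buffer and a 0x20-byte output buffer; only the first u32 is written`. The `IPC_EINVAL` path returns without any log line of its own, so a malformed request from guest code is only visible through the caller's generic `request.Log`; a warning-level log on rejection would make such requests easier to spot.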
diff --git a/Source/Core/Core/IOS/USB/USB_HID/HIDv5.cpp b/Source/Core/Core/IOS/USB/USB_HID/HIDv5.cpp
index e193c498f5..ef9e64ebb9 100644
--- a/Source/Core/Core/IOS/USB/USB_HID/HIDv5.cpp
+++ b/Source/Core/Core/IOS/USB/USB_HID/HIDv5.cpp
@@ -16,21 +16,15 @@
 namespace IOS::HLE
 {
-constexpr u32 USBV5_VERSION = 0x50001;
-
 USB_HIDv5::~USB_HIDv5() = default;
 std::optional USB_HIDv5::IOCtl(const IOCtlRequest& request)
 {
- auto& system = GetSystem();
- auto& memory = system.GetMemory();
-
 request.Log(GetDeviceName(), Common::Log::LogType::IOS_USB);
 switch (request.request)
 {
 case USB::IOCTL_USBV5_GETVERSION:
- memory.Write_U32(USBV5_VERSION, request.buffer_out);
- return IPCReply(IPC_SUCCESS);
+ return GetUSBVersion(request);
 case USB::IOCTL_USBV5_GETDEVICECHANGE:
 return GetDeviceChange(request);
 case USB::IOCTL_USBV5_SHUTDOWN:
diff --git a/Source/Core/Core/IOS/USB/USB_VEN/VEN.cpp b/Source/Core/Core/IOS/USB/USB_VEN/VEN.cpp
index d8d624e898..c8ccbbbcd6 100644
--- a/Source/Core/Core/IOS/USB/USB_VEN/VEN.cpp
+++ b/Source/Core/Core/IOS/USB/USB_VEN/VEN.cpp
@@ -16,21 +16,15 @@
 namespace IOS::HLE
 {
-constexpr u32 USBV5_VERSION = 0x50001;
-
 USB_VEN::~USB_VEN() = default;
 std::optional USB_VEN::IOCtl(const IOCtlRequest& request)
 {
- auto& system = GetSystem();
- auto& memory = system.GetMemory();
-
 request.Log(GetDeviceName(), Common::Log::LogType::IOS_USB);
 switch (request.request)
 {
 case USB::IOCTL_USBV5_GETVERSION:
- memory.Write_U32(USBV5_VERSION, request.buffer_out);
- return IPCReply(IPC_SUCCESS);
+ return GetUSBVersion(request);
 case USB::IOCTL_USBV5_GETDEVICECHANGE:
 return GetDeviceChange(request);
 case USB::IOCTL_USBV5_SHUTDOWN: