From 5494b0e99adb7c50d0212d51dd66b47848834f3f Mon Sep 17 00:00:00 2001
From: sakumisu <1203593632@qq.com>
Date: Wed, 3 Apr 2024 11:27:28 +0800
Subject: [PATCH] add check for wTotalLength
---
 core/usbh_core.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/core/usbh_core.c b/core/usbh_core.c
index 3349a759..b8ed028d 100644
--- a/core/usbh_core.c
+++ b/core/usbh_core.c
@@ -515,6 +515,12 @@ int usbh_enumerate(struct usbh_hubport *hport)
 /* Read the full size of the configuration data */
 uint16_t wTotalLength = ((struct usb_configuration_descriptor *)ep0_request_buffer[hport->bus->busid])->wTotalLength;
+ if (wTotalLength > CONFIG_USBHOST_REQUEST_BUFFER_LEN) {
+ ret = -USB_ERR_NOMEM;
+ USB_LOG_ERR("wTotalLength %d is overflow, default is %d\r\n", wTotalLength, CONFIG_USBHOST_REQUEST_BUFFER_LEN);
+ goto errout;
+ }
+
 setup->bmRequestType = USB_REQUEST_DIR_IN | USB_REQUEST_STANDARD | USB_REQUEST_RECIPIENT_DEVICE;
 setup->bRequest = USB_REQUEST_GET_DESCRIPTOR;
 setup->wValue = (uint16_t)((USB_DESCRIPTOR_TYPE_CONFIGURATION << 8) | 0);
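Review bot: The added check in usbh_enumerate bounds the device-supplied wTotalLength only from above, so a value shorter than the configuration descriptor header itself (including 0) still passes and is used for the second GET_DESCRIPTOR request. Rejecting both ends would close that gap: `if (wTotalLength < sizeof(struct usb_configuration_descriptor) || wTotalLength > CONFIG_USBHOST_REQUEST_BUFFER_LEN) {`. This assumes the struct is packed to the wire size, which the hunk does not show. The descriptor parsing that follows the transfer is outside this hunk; because every length field in the buffer comes from the attached device, that code presumably also needs to check each bLength against the number of bytes actually received rather than rely on this one bound. The log text would also read more clearly as "wTotalLength %d exceeds request buffer size %d".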