diff --git a/Demos/Device/LowLevel/MassStorage/MassStorage.c b/Demos/Device/LowLevel/MassStorage/MassStorage.c index ebb8e5c484..2c80fc595e 100644 --- a/Demos/Device/LowLevel/MassStorage/MassStorage.c +++ b/Demos/Device/LowLevel/MassStorage/MassStorage.c @@ -256,6 +256,8 @@ static bool ReadInCommandBlock(void) /* Verify the command block - abort if invalid */ if ((CommandBlock.Signature != CBW_SIGNATURE) || (CommandBlock.LUN >= TOTAL_LUNS) || + (CommandBlock.Flags & 0x1F) || + (CommandBlock.SCSICommandLength == 0) || (CommandBlock.SCSICommandLength > MAX_SCSI_COMMAND_LENGTH)) { /* Stall both data pipes until reset by host */ diff --git a/LUFA/Drivers/USB/Class/Device/MassStorage.c b/LUFA/Drivers/USB/Class/Device/MassStorage.c index ceb4b9647d..f7f3fd9f23 100644 --- a/LUFA/Drivers/USB/Class/Device/MassStorage.c +++ b/LUFA/Drivers/USB/Class/Device/MassStorage.c @@ -149,6 +149,8 @@ static bool MS_Device_ReadInCommandBlock(USB_ClassInfo_MS_Device_t* const MSInte if ((MSInterfaceInfo->State.CommandBlock.Signature != MS_CBW_SIGNATURE) || (MSInterfaceInfo->State.CommandBlock.LUN >= MSInterfaceInfo->Config.TotalLUNs) || + (MSInterfaceInfo->State.CommandBlock.Flags & 0x1F) || + (MSInterfaceInfo->State.CommandBlock.SCSICommandLength == 0) || (MSInterfaceInfo->State.CommandBlock.SCSICommandLength > 16)) { Endpoint_StallTransaction();