[libhid-discuss] [PATCH] bugfix: hid_compare_usb_device() will match incorrect device
Kacper Wysocki
kwy at redpill-linpro.com
Wed Oct 14 16:14:44 UTC 2009
Hello dear libhid list,
we use libhid to modeswitch a MagTek magnetic swipe card reader into a
different ascii to keypress conversion type.
We do something like:
HIDInterfaceMatcher matcher = { 0x0801, product_id, NULL, NULL, 0 };
ret = hid_init();
hid = hid_new_HIDInterface();
ret = hid_force_open(hid, 0, &matcher, 3);
/* snip modeswitching set_property() code */
hid_force_open() will fail with return code 13 (HID_RET_NOT_HID_DEVICE)
because the matcher matches on my root hub and not the
Vendor:ProductId passed in the matcher.
This is because in
hid_opening.c:hid_compare_usb_device(),
one uses a binary AND to match vendor and product ID. In a theoretical
example, if
I am trying to open a device with vendor_id 0x0001 and product_id 0x0001,
and I have another USB device with vendor_id 0x0005 and product_id 0x0005,
the matching function might match the wrong device, because the code
(dev->descriptor.idVendor & match->vendor_id) == match->vendor_id) {
=> 0x0003 & 0x0001 == 0x0001 is true!
and
(dev->descriptor.idProduct & match->product_id) == match->product_id) {
=> 0x0005 & 0x0001 == 0x0001 is true!
...which matches some other device than the one I wanted, if this other
device is scanned before the device I am interested in.
If you want a concrete example, I am looking for 0801:0001 which is the
Mag-Tek. lsusb>
Bus 008 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 002: ID 0801:0001 Mag-Tek
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 004 Device 002: ID 08ff:2810 AuthenTec, Inc.
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 007 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 002 Device 002: ID 0930:6545 Toshiba Corp. Kingston DataTraveler 2.0
Stick (4GB) / PNY Attache 4GB Stick
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 006: ID 046d:c040 Logitech, Inc. Corded Tilt-Wheel Mouse
Bus 001 Device 005: ID 0409:0058 NEC Corp. HighSpeed Hub
Bus 001 Device 004: ID 04b3:4485 IBM Corp. Serial Converter
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
but hid_force_open tries to open 1d6b:0001, my root hub!
Our tool has been working rather hit and miss, sometimes it worked and
other times it failed and we had a hard time finding out why, until now.
Attached below is the patch that fixes this problem.
--
Kacper Wysocki / Infrastructure Systems Consultant
Mobile +47 943 94 126
Redpill Linpro - Changing the Game
Index: src/hid_opening.c
===================================================================
--- src/hid_opening.c (revision 364)
+++ src/hid_opening.c (working copy)
@@ -77,14 +77,14 @@
TRACE("inspecting vendor ID...");
if (dev->descriptor.idVendor > 0 &&
- (dev->descriptor.idVendor & match->vendor_id) == match->vendor_id) {
+ dev->descriptor.idVendor == match->vendor_id) {
TRACE("match on vendor ID: 0x%04x.", dev->descriptor.idVendor);
ret |= USB_MATCH_VENDOR;
}
else TRACE("no match on vendor ID.");
TRACE("inspecting product ID...");
- if ((dev->descriptor.idProduct & match->product_id) ==
match->product_id) {
+ if (dev->descriptor.idProduct == match->product_id) {
TRACE("match on product ID: 0x%04x.", dev->descriptor.idProduct);
ret |= USB_MATCH_PRODUCT;
}
More information about the libhid-discuss
mailing list