[libhid-discuss] [PATCH] bugfix: hid_compare_usb_device() will match incorrect device

Kacper Wysocki kwy at redpill-linpro.com
Wed Oct 14 16:14:44 UTC 2009 

Hello dear libhid list,

we use libhid to modeswitch a MagTek magnetic swipe card reader into a
different ascii to keypress conversion type.

We do something like:

   HIDInterfaceMatcher matcher = { 0x0801, product_id, NULL, NULL, 0 };
   ret = hid_init();
   hid = hid_new_HIDInterface();
   ret = hid_force_open(hid, 0, &matcher, 3);
   /* snip modeswitching set_property() code */

hid_force_open() will fail with return code 13 (HID_RET_NOT_HID_DEVICE)
because the matcher matches on my root hub and not the
Vendor:ProductId passed in the matcher.

This is because in
hid_opening.c:hid_compare_usb_device(),
one uses a binary AND to match vendor and product ID. In a theoretical
example, if
I am trying to open a device with vendor_id 0x0001 and product_id 0x0001,
and I have another USB device with vendor_id 0x0005 and product_id 0x0005,
the matching function might match the wrong device, because the code

(dev->descriptor.idVendor & match->vendor_id) == match->vendor_id) {
 =>     0x0003 & 0x0001 == 0x0001 is true!
   and
     (dev->descriptor.idProduct & match->product_id) == match->product_id) {
 =>     0x0005 & 0x0001 == 0x0001 is true!

...which matches some other device than the one I wanted, if this other
device is scanned before the device I am interested in.

If you want a concrete example, I am looking for 0801:0001 which is the
Mag-Tek. lsusb>
Bus 008 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 002: ID 0801:0001 Mag-Tek
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 004 Device 002: ID 08ff:2810 AuthenTec, Inc.
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 007 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 002 Device 002: ID 0930:6545 Toshiba Corp. Kingston DataTraveler 2.0
Stick (4GB) / PNY Attache 4GB Stick
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 006: ID 046d:c040 Logitech, Inc. Corded Tilt-Wheel Mouse
Bus 001 Device 005: ID 0409:0058 NEC Corp. HighSpeed Hub
Bus 001 Device 004: ID 04b3:4485 IBM Corp. Serial Converter
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

but hid_force_open tries to open 1d6b:0001, my root hub!

Our tool has been working rather hit and miss, sometimes it worked and
other times it failed and we had a hard time finding out why, until now.

Attached below is the patch that fixes this problem.

-- 
Kacper Wysocki / Infrastructure Systems Consultant
Mobile +47 943 94 126

Redpill Linpro - Changing the Game

Index: src/hid_opening.c
===================================================================
--- src/hid_opening.c	(revision 364)
+++ src/hid_opening.c	(working copy)
@@ -77,14 +77,14 @@

   TRACE("inspecting vendor ID...");
   if (dev->descriptor.idVendor > 0 &&
-      (dev->descriptor.idVendor & match->vendor_id) == match->vendor_id) {
+      dev->descriptor.idVendor == match->vendor_id) {
       TRACE("match on vendor ID: 0x%04x.", dev->descriptor.idVendor);
       ret |= USB_MATCH_VENDOR;
   }
   else TRACE("no match on vendor ID.");

   TRACE("inspecting product ID...");
-  if ((dev->descriptor.idProduct & match->product_id) ==
match->product_id) {
+  if (dev->descriptor.idProduct == match->product_id) {
       TRACE("match on product ID: 0x%04x.", dev->descriptor.idProduct);
       ret |= USB_MATCH_PRODUCT;
   }

More information about the libhid-discuss mailing list