From 897c3bc63461de97178608055f1f3f8e0c2dacf7 Mon Sep 17 00:00:00 2001
From: Melki Christian <Christian.melki@saabgroup.com>
Date: Wed, 18 Sep 2013 13:27:05 +0200
Subject: [PATCH] 	* grub-core/bus/usb/usb.c
 (grub_usb_device_initialize): Add condition 	to break endless loop.

---
 ChangeLog               |  5 +++++
 grub-core/bus/usb/usb.c | 34 ++++++++++++++++++++++++++--------
 2 files changed, 31 insertions(+), 8 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 5afeded9c..f058d1266 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2013-09-18  Melki Christian  <Christian.melki@saabgroup.com>
+
+	* grub-core/bus/usb/usb.c (grub_usb_device_initialize): Add condition
+	to break endless loop.
+
 2013-08-23  Vladimir Serbinenko  <phcoder@gmail.com>
 
 	* util/grub-fstest.c: Fix several printf formats.
diff --git a/grub-core/bus/usb/usb.c b/grub-core/bus/usb/usb.c
index 024190eaf..8da5e4c74 100644
--- a/grub-core/bus/usb/usb.c
+++ b/grub-core/bus/usb/usb.c
@@ -148,6 +148,7 @@ grub_usb_device_initialize (grub_usb_device_t dev)
       int pos;
       int currif;
       char *data;
+      struct grub_usb_desc *desc;
 
       /* First just read the first 4 bytes of the configuration
 	 descriptor, after that it is known how many bytes really have
@@ -174,18 +175,35 @@ grub_usb_device_initialize (grub_usb_device_t dev)
       /* Read all interfaces.  */
       for (currif = 0; currif < dev->config[i].descconf->numif; currif++)
 	{
-	  while (pos < config.totallen
-		 && ((struct grub_usb_desc *)&data[pos])->type
-		 != GRUB_USB_DESCRIPTOR_INTERFACE)
-	    pos += ((struct grub_usb_desc *)&data[pos])->length;
+	  while (pos < config.totallen)
+            {
+              desc = (struct grub_usb_desc *)&data[pos];
+              if (desc->type == GRUB_USB_DESCRIPTOR_INTERFACE)
+                break;
+              if (!desc->length)
+                {
+                  err = GRUB_USB_ERR_BADDEVICE;
+                  goto fail;
+                }
+              pos += desc->length;
+            }
+
 	  dev->config[i].interf[currif].descif
 	    = (struct grub_usb_desc_if *) &data[pos];
 	  pos += dev->config[i].interf[currif].descif->length;
 
-	  while (pos < config.totallen
-		 && ((struct grub_usb_desc *)&data[pos])->type
-		 != GRUB_USB_DESCRIPTOR_ENDPOINT)
-	    pos += ((struct grub_usb_desc *)&data[pos])->length;
+	  while (pos < config.totallen)
+            {
+              desc = (struct grub_usb_desc *)&data[pos];
+              if (desc->type == GRUB_USB_DESCRIPTOR_ENDPOINT)
+                break;
+              if (!desc->length)
+                {
+                  err = GRUB_USB_ERR_BADDEVICE;
+                  goto fail;
+                }
+              pos += desc->length;
+            }
 
 	  /* Point to the first endpoint.  */
 	  dev->config[i].interf[currif].descendp