From 29d32c557400d29c066fdbff305a2283d5b20729 Mon Sep 17 00:00:00 2001
From: Piotr Bartman-Szwarc <prbartman@invisiblethingslab.com>
Date: Tue, 18 Jun 2024 09:02:13 +0200
Subject: [PATCH] q-dev: handle invalid values

---
 qubesusbproxy/core3ext.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/qubesusbproxy/core3ext.py b/qubesusbproxy/core3ext.py
index 09e3ccd..96eb5e6 100644
--- a/qubesusbproxy/core3ext.py
+++ b/qubesusbproxy/core3ext.py
@@ -299,6 +299,9 @@ def _sanitize(
                         break
                     hex_code = untrusted_device_desc[i - 1: i + 1]
                     try:
+                        for i in range(2):
+                            if hex_code[i] not in b'0123456789abcdefABCDEF':
+                                raise ValueError()
                         hex_value = int(hex_code, 16)
                         c = chr(hex_value)
                     except ValueError: