From owner-freebsd-usb@FreeBSD.ORG Sat Feb 25 09:17:01 2006 Return-Path: X-Original-To: freebsd-usb@freebsd.org Delivered-To: freebsd-usb@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4C2E916A420; Sat, 25 Feb 2006 09:17:01 +0000 (GMT) (envelope-from hselasky@c2i.net) Received: from mail.turbocat.net (mail.turbocat.net [213.133.116.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id CA5A643D46; Sat, 25 Feb 2006 09:17:00 +0000 (GMT) (envelope-from hselasky@c2i.net) Received: by mail.turbocat.net (Postfix, from userid 1002) id 249F1422EC50; Sat, 25 Feb 2006 10:16:59 +0100 (CET) Received: from mp-217-36-31.daxnet.no (mp-217-36-31.daxnet.no [193.217.36.31]) by mail.turbocat.net (Postfix) with ESMTP id C5D1A422EC4B; Sat, 25 Feb 2006 10:16:57 +0100 (CET) From: Hans Petter Selasky To: Ian Dowse Date: Sat, 25 Feb 2006 10:17:11 +0100 User-Agent: KMail/1.7 References: <200602250411.k1P4BQ13052649@freefall.freebsd.org> In-Reply-To: <200602250411.k1P4BQ13052649@freefall.freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200602251017.12146.hselasky@c2i.net> Cc: freebsd-usb@freebsd.org Subject: Re: usb/80773: "usbd_get_string()" could have taken a length parameter X-BeenThere: freebsd-usb@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: FreeBSD support for USB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 25 Feb 2006 09:17:01 -0000 On Saturday 25 February 2006 05:11, Ian Dowse wrote: > Synopsis: "usbd_get_string()" could have taken a length parameter > > State-Changed-From-To: open->feedback > State-Changed-By: iedowse > State-Changed-When: Sat Feb 25 04:10:27 UTC 2006 > State-Changed-Why: > > Can you provide a patch against -CURRENT to address this? > > http://www.freebsd.org/cgi/query-pr.cgi?pr=80773 #define usbd_get_string(udev, si, ptr) usbreq_get_string_any(udev, si, ptr, USB_MAX_STRING_LEN) /* Use "usbreq_get_string_any()" instead of * "usbreq_get_string_desc()", when the language id is not known. The * maximum length of the string, "len", includes the terminating zero. * "usbreq_get_string_any()" will always write a terminating zero to "buf", * also on error. */ usbd_status usbreq_get_string_any(struct usbd_device *udev, int si, char *buf, int len) { ... } I've already fixed this in my new USB driver. It is not critical, but it can be a pitfall for programmers, writing too long strings into too short fields. --HPS