From owner-svn-src-stable@freebsd.org Thu Feb 13 20:40:37 2020 Return-Path: Delivered-To: svn-src-stable@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 6FD1D23484F; Thu, 13 Feb 2020 20:40:37 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48JT112QtBz4X9h; Thu, 13 Feb 2020 20:40:37 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 34F72187E0; Thu, 13 Feb 2020 20:40:37 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 01DKebEZ002360; Thu, 13 Feb 2020 20:40:37 GMT (envelope-from asomers@FreeBSD.org) Received: (from asomers@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 01DKebTn002359; Thu, 13 Feb 2020 20:40:37 GMT (envelope-from asomers@FreeBSD.org) Message-Id: <202002132040.01DKebTn002359@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: asomers set sender to asomers@FreeBSD.org using -f From: Alan Somers Date: Thu, 13 Feb 2020 20:40:37 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r357877 - stable/12/sys/cam/scsi X-SVN-Group: stable-12 X-SVN-Commit-Author: asomers X-SVN-Commit-Paths: stable/12/sys/cam/scsi X-SVN-Commit-Revision: 357877 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Feb 2020 20:40:37 -0000 Author: asomers Date: Thu Feb 13 20:40:36 2020 New Revision: 357877 URL: https://svnweb.freebsd.org/changeset/base/357877 Log: MFC r355430: ses: sanitize illegal strings in SES element descriptors The SES4r3 standard requires that element descriptors may only contain ASCII characters in the range 0x20 to 0x7e. Some SuperMicro expanders violate that rule. This patch adds a sanity check to ses(4). Descriptors in violation will be replaced by "". This patch fixes "sesutil --libxo xml" on such systems. Previously it would generate non-well-formed XML output. PR: 241929 Reviewed by: allanjude Sponsored by: Axcient Modified: stable/12/sys/cam/scsi/scsi_enc_ses.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/cam/scsi/scsi_enc_ses.c ============================================================================== --- stable/12/sys/cam/scsi/scsi_enc_ses.c Thu Feb 13 20:32:05 2020 (r357876) +++ stable/12/sys/cam/scsi/scsi_enc_ses.c Thu Feb 13 20:40:36 2020 (r357877) @@ -110,7 +110,7 @@ typedef struct ses_addl_status { typedef struct ses_element { uint8_t eip; /* eip bit is set */ uint16_t descr_len; /* length of the descriptor */ - char *descr; /* descriptor for this object */ + const char *descr; /* descriptor for this object */ struct ses_addl_status addl; /* additional status info */ } ses_element_t; @@ -1977,6 +1977,35 @@ ses_publish_cache(enc_softc_t *enc, struct enc_fsm_sta return (0); } +/* + * \brief Sanitize an element descriptor + * + * The SES4r3 standard, sections 3.1.2 and 6.1.10, specifies that element + * descriptors may only contain ASCII characters in the range 0x20 to 0x7e. + * But some vendors violate that rule. Ensure that we only expose compliant + * descriptors to userland. + * + * \param desc SES element descriptor as reported by the hardware + * \param len Length of desc in bytes, not necessarily including + * trailing NUL. It will be modified if desc is invalid. + */ +static const char* +ses_sanitize_elm_desc(const char *desc, uint16_t *len) +{ + const char *invalid = ""; + int i; + + for (i = 0; i < *len; i++) { + if (desc[i] < 0x20 || desc[i] > 0x7e) { + *len = strlen(invalid); + return (invalid); + } else if (desc[i] == 0) { + break; + } + } + return (desc); +} + /** * \brief Parse the descriptors for each object. * @@ -2061,7 +2090,8 @@ ses_process_elm_descs(enc_softc_t *enc, struct enc_fsm if (length > 0) { elmpriv = element->elm_private; elmpriv->descr_len = length; - elmpriv->descr = &buf[offset]; + elmpriv->descr = ses_sanitize_elm_desc(&buf[offset], + &elmpriv->descr_len); } /* skip over the descriptor itself */