From: "M. Warner Losh"
To: linimon@freebsd.org
Cc: bug-followup@freebsd.org, freebsd-usb@freebsd.org
Date: Sat, 30 Jun 2007 09:08:18 -0600 (MDT)
Message-Id: <20070630.090818.84361176.imp@bsdimp.com>
In-Reply-To: <200706300641.l5U6f727098044@freefall.freebsd.org>
Subject: Re: usb/80773: "usbd_get_string()" could have taken a length parameter

Please find enclosed a patch for this. I'm sitting on the fence as to
whether or not to commit it, since it is an api/abi change.

Warner

Index: if_cdce.c =================================================================== RCS file: /home/ncvs/src/sys/dev/usb/if_cdce.c,v retrieving revision 1.24 diff -u -r1.24 if_cdce.c --- if_cdce.c 23 Jun 2007 06:47:43 -0000 1.24 +++ if_cdce.c 30 Jun 2007 14:28:41 -0000 
@@ -280,7 +280,8 @@ ue = (const usb_cdc_ethernet_descriptor_t *)usb_find_desc(dev, UDESC_INTERFACE, UDESCSUB_CDC_ENF); - if (!ue || usbd_get_string(dev, ue->iMacAddress, eaddr_str)) { + if (!ue || usbd_get_string(dev, ue->iMacAddress, eaddr_str, + sizeof(eaddr_str))) { /* Fake MAC address */ device_printf(sc->cdce_dev, "faking MAC address\n"); eaddr[0]= 0x2a; Index: uhub.c =================================================================== RCS file: /home/ncvs/src/sys/dev/usb/uhub.c,v retrieving revision 1.81 diff -u -r1.81 uhub.c --- uhub.c 29 Jun 2007 20:34:42 -0000 1.81 +++ uhub.c 30 Jun 2007 14:28:41 -0000 @@ -655,7 +655,8 @@ found_dev: /* XXX can sleep */ - (void)usbd_get_string(dev, dev->ddesc.iSerialNumber, &serial[0]); + (void)usbd_get_string(dev, dev->ddesc.iSerialNumber, serial, + sizeof(serial)); if (dev->ifacenums == NULL) { snprintf(buf, buflen, "vendor=0x%04x product=0x%04x " "devclass=0x%02x devsubclass=0x%02x " Index: usb_subr.c =================================================================== RCS file: /home/ncvs/src/sys/dev/usb/usb_subr.c,v retrieving revision 1.94 diff -u -r1.94 usb_subr.c --- usb_subr.c 20 Jun 2007 05:10:54 -0000 1.94 +++ usb_subr.c 30 Jun 2007 14:28:42 -0000 @@ -213,12 +213,14 @@ } if (usedev) { - if (usbd_get_string(dev, udd->iManufacturer, v)) + if (usbd_get_string(dev, udd->iManufacturer, v, + USB_MAX_STRING_LEN)) vendor = NULL; else vendor = v; usbd_trim_spaces(vendor); - if (usbd_get_string(dev, udd->iProduct, p)) + if (usbd_get_string(dev, udd->iProduct, p, + USB_MAX_STRING_LEN)) product = NULL; else product = p; Index: usbdi.c =================================================================== RCS file: /home/ncvs/src/sys/dev/usb/usbdi.c,v retrieving revision 1.102 diff -u -r1.102 usbdi.c --- usbdi.c 20 Jun 2007 05:10:54 -0000 1.102 +++ usbdi.c 30 Jun 2007 14:28:42 -0000 
@@ -1310,7 +1310,7 @@ } usbd_status -usbd_get_string(usbd_device_handle dev, int si, char *buf) +usbd_get_string(usbd_device_handle dev, int si, char *buf, size_t len) { int swap = dev->quirks->uq_flags & UQ_SWAP_UNICODE; usb_string_descriptor_t us; @@ -1321,6 +1321,8 @@ int size; buf[0] = '\0'; + if (len == 0) + return (USBD_NORMAL_COMPLETION); if (si == 0) return (USBD_INVAL); if (dev->quirks->uq_flags & UQ_NO_STRINGS) @@ -1342,7 +1344,7 @@ return (err); s = buf; n = size / 2 - 1; - for (i = 0; i < n; i++) { + for (i = 0; i < n && i < len - 1; i++) { c = UGETW(us.bString[i]); /* Convert from Unicode, handle buggy strings. */ if ((c & 0xff00) == 0) Index: usbdi.h =================================================================== RCS file: /home/ncvs/src/sys/dev/usb/usbdi.h,v retrieving revision 1.62 diff -u -r1.62 usbdi.h --- usbdi.h 12 Jun 2007 19:40:20 -0000 1.62 +++ usbdi.h 30 Jun 2007 14:28:42 -0000 @@ -173,7 +173,8 @@ int usbd_ratecheck(struct timeval *last); -usbd_status usbd_get_string(usbd_device_handle dev, int si, char *buf); +usbd_status usbd_get_string(usbd_device_handle dev, int si, char *buf, + size_t len); /* An iterator for descriptors. */ typedef struct { ----Next_Part(Sat_Jun_30_09_08_18_2007_041)----
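
Review bot: in usb_subr.c at @@ -213,12 +213,14 @@ both calls pass the constant USB_MAX_STRING_LEN rather than the size of the destination, unlike the if_cdce.c and uhub.c callers, which pass sizeof(eaddr_str) and sizeof(serial). The declarations of v and p are not in the hunk, so the bound is only right if both buffers are at least USB_MAX_STRING_LEN bytes. If they are arrays in scope, sizeof(v) and sizeof(p) keep the length tied to the buffer; if they are pointers handed in by a caller, the real size should be passed down with them.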
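
Review bot: in usbdi.c at @@ -1321,6 +1321,8 @@ the new `if (len == 0)` test comes after `buf[0] = '\0';`, so a caller that passes a zero-length buffer still has one byte written past its end before the early return. Move the length test above the store. Returning USBD_NORMAL_COMPLETION for len == 0 also reports success when nothing could be stored; USBD_INVAL, which the following line already returns for si == 0, would let the caller notice.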
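
Review bot: in usbdi.c at @@ -1342,7 +1344,7 @@ the added bound `i < len - 1` truncates silently, so a descriptor longer than the buffer returns the same status as a complete string and a caller such as if_cdce.c, which fetches the iMacAddress string into eaddr_str, cannot tell a shortened value from a full one. Consider a distinct return status for truncation, or document it as intended. The bound also counts loop iterations, not bytes stored, so it is only sufficient if each iteration writes at most one byte to s and the terminator is written after the loop; neither is visible in this hunk and is worth a comment. Finally, `len - 1` is unsigned arithmetic and is safe only because len == 0 is rejected earlier in the function, a dependency that deserves a comment next to the loop.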
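
Review bot: in usbdi.h at @@ -173,7 +173,8 @@ the prototype gains `size_t len` without any comment on its contract. State next to the declaration that len is the size of buf in bytes including the terminating NUL, what is returned for len == 0, and that longer strings are truncated. Because this changes the signature of an exported function, every caller outside the three files touched here (if_cdce.c, uhub.c, usb_subr.c) needs the same update, and that should be checked before commit.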