Date: Mon, 4 Oct 2010 22:45:17 +0000 (UTC) From: Hans Petter Selasky <hselasky@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r213433 - head/sys/dev/usb Message-ID: <201010042245.o94MjHf9029971@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: hselasky Date: Mon Oct 4 22:45:17 2010 New Revision: 213433 URL: http://svn.freebsd.org/changeset/base/213433 Log: Add more strict USB string filtering. Approved by: thompsa (mentor) Modified: head/sys/dev/usb/usb_request.c Modified: head/sys/dev/usb/usb_request.c ============================================================================== --- head/sys/dev/usb/usb_request.c Mon Oct 4 22:21:30 2010 (r213432) +++ head/sys/dev/usb/usb_request.c Mon Oct 4 22:45:17 2010 (r213433) @@ -1018,14 +1018,21 @@ usbd_req_get_string_any(struct usb_devic } /* - * Filter by default - we don't allow greater and less than - * signs because they might confuse the dmesg printouts! + * Filter by default - We only allow alphanumerical + * and a few more to avoid any problems with scripts + * and daemons. */ - if ((*s == '<') || (*s == '>') || (!isprint(*s))) { - /* silently skip bad character */ - continue; + if (isalpha(*s) || + isdigit(*s) || + *s == '-' || + *s == '+' || + *s == ' ' || + *s == '.' || + *s == ',') { + /* allowed */ + s++; } - s++; + /* silently skip bad character */ } *s = 0; /* zero terminate resulting string */ return (USB_ERR_NORMAL_COMPLETION);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201010042245.o94MjHf9029971>