From owner-freebsd-usb@FreeBSD.ORG  Fri Dec  8 11:50:11 2006
Return-Path: <owner-freebsd-usb@FreeBSD.ORG>
X-Original-To: freebsd-usb@hub.freebsd.org
Delivered-To: freebsd-usb@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 0A4F816A403
	for <freebsd-usb@hub.freebsd.org>; Fri,  8 Dec 2006 11:50:11 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1F6E643CAE
	for <freebsd-usb@hub.freebsd.org>; Fri,  8 Dec 2006 11:49:13 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id kB8Bo98B072383
	for <freebsd-usb@freefall.freebsd.org>; Fri, 8 Dec 2006 11:50:09 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.4/8.13.4/Submit) id kB8Bo9d7072382;
	Fri, 8 Dec 2006 11:50:09 GMT (envelope-from gnats)
Date: Fri, 8 Dec 2006 11:50:09 GMT
Message-Id: <200612081150.kB8Bo9d7072382@freefall.freebsd.org>
To: freebsd-usb@FreeBSD.org
From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Cc: 
Subject: Re: usb/106435: Possible buffer overflow in dev/usb/ums.c
X-BeenThere: freebsd-usb@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
List-Id: FreeBSD support for USB <freebsd-usb.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-usb>,
	<mailto:freebsd-usb-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-usb>
List-Post: <mailto:freebsd-usb@freebsd.org>
List-Help: <mailto:freebsd-usb-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-usb>,
	<mailto:freebsd-usb-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Dec 2006 11:50:11 -0000

The following reply was made to PR usb/106435; it has been noted by GNATS.

From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To: FreeBSD-gnats-submit@FreeBSD.org, freebsd-usb@FreeBSD.org
Cc:  
Subject: Re: usb/106435: Possible buffer overflow in dev/usb/ums.c
Date: Fri, 8 Dec 2006 14:40:36 +0300

 Sorry, missed the double quote in the patch. The real patch
 should be:
 
 --- ums.c.orig	Tue Dec  5 13:29:34 2006
 +++ ums.c	Tue Dec  5 13:31:40 2006
 @@ -431,9 +431,10 @@
  #define UMS_BUT(i) ((i) < 3 ? (((i) + 2) % 3) : (i))
  
  	DPRINTFN(5, ("ums_intr: sc=%p status=%d\n", sc, status));
 -	DPRINTFN(5, ("ums_intr: data = %02x %02x %02x %02x %02x %02x\n",
 -		     sc->sc_ibuf[0], sc->sc_ibuf[1], sc->sc_ibuf[2],
 -		     sc->sc_ibuf[3], sc->sc_ibuf[4], sc->sc_ibuf[5]));
 +	DPRINTFN(5, ("ums_intr: data ="));
 +	for (i = 0; i < sc->sc_isize; i++)
 +		DPRINTFN(5, (" %02x", sc->sc_ibuf[i]));
 +	DPRINTFN(5, ("\n"));
  
  	if (status == USBD_CANCELLED)
  		return;
 -- 
 Eygene