[PATCH] usb: io_edgeport, cleanup to unicode handling
Clean up the unicode handling in io_edgeport. Make get_string size-limited.
Signed-off-by: Pete Zaitcev <zaitcev@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
diff --git a/drivers/usb/serial/io_edgeport.c b/drivers/usb/serial/io_edgeport.c
index b606c59..c28f1f6 100644
--- a/drivers/usb/serial/io_edgeport.c
+++ b/drivers/usb/serial/io_edgeport.c
@@ -142,7 +142,7 @@
/* This structure holds all of the individual device information */
struct edgeport_serial {
- char name[MAX_NAME_LEN+1]; /* string name of this device */
+ char name[MAX_NAME_LEN+2]; /* string name of this device */
struct edge_manuf_descriptor manuf_descriptor; /* the manufacturer descriptor */
struct edge_boot_descriptor boot_descriptor; /* the boot firmware descriptor */
@@ -270,7 +270,7 @@
static void get_boot_desc (struct edgeport_serial *edge_serial);
static void load_application_firmware (struct edgeport_serial *edge_serial);
-static void unicode_to_ascii (char *string, __le16 *unicode, int unicode_size);
+static void unicode_to_ascii(char *string, int buflen, __le16 *unicode, int unicode_size);
// ************************************************************************
@@ -373,7 +373,7 @@
* Get string descriptor from device *
* *
************************************************************************/
-static int get_string (struct usb_device *dev, int Id, char *string)
+static int get_string (struct usb_device *dev, int Id, char *string, int buflen)
{
struct usb_string_descriptor StringDesc;
struct usb_string_descriptor *pStringDesc;
@@ -395,7 +395,7 @@
return 0;
}
- unicode_to_ascii(string, pStringDesc->wData, pStringDesc->bLength/2-1);
+ unicode_to_ascii(string, buflen, pStringDesc->wData, pStringDesc->bLength/2);
kfree(pStringDesc);
return strlen(string);
@@ -2564,16 +2564,20 @@
* ASCII range, but it's only for debugging...
* NOTE: expects the unicode in LE format
****************************************************************************/
-static void unicode_to_ascii (char *string, __le16 *unicode, int unicode_size)
+static void unicode_to_ascii(char *string, int buflen, __le16 *unicode, int unicode_size)
{
int i;
- if (unicode_size <= 0)
+ if (buflen <= 0) /* never happens, but... */
return;
+ --buflen; /* space for nul */
- for (i = 0; i < unicode_size; ++i)
+ for (i = 0; i < unicode_size; i++) {
+ if (i >= buflen)
+ break;
string[i] = (char)(le16_to_cpu(unicode[i]));
- string[unicode_size] = 0x00;
+ }
+ string[i] = 0x00;
}
@@ -2603,11 +2607,17 @@
dbg(" BoardRev: %d", edge_serial->manuf_descriptor.BoardRev);
dbg(" NumPorts: %d", edge_serial->manuf_descriptor.NumPorts);
dbg(" DescDate: %d/%d/%d", edge_serial->manuf_descriptor.DescDate[0], edge_serial->manuf_descriptor.DescDate[1], edge_serial->manuf_descriptor.DescDate[2]+1900);
- unicode_to_ascii (string, edge_serial->manuf_descriptor.SerialNumber, edge_serial->manuf_descriptor.SerNumLength/2-1);
+ unicode_to_ascii(string, 30,
+ edge_serial->manuf_descriptor.SerialNumber,
+ edge_serial->manuf_descriptor.SerNumLength/2);
dbg(" SerialNumber: %s", string);
- unicode_to_ascii (string, edge_serial->manuf_descriptor.AssemblyNumber, edge_serial->manuf_descriptor.AssemblyNumLength/2-1);
+ unicode_to_ascii(string, 30,
+ edge_serial->manuf_descriptor.AssemblyNumber,
+ edge_serial->manuf_descriptor.AssemblyNumLength/2);
dbg(" AssemblyNumber: %s", string);
- unicode_to_ascii (string, edge_serial->manuf_descriptor.OemAssyNumber, edge_serial->manuf_descriptor.OemAssyNumLength/2-1);
+ unicode_to_ascii(string, 30,
+ edge_serial->manuf_descriptor.OemAssyNumber,
+ edge_serial->manuf_descriptor.OemAssyNumLength/2);
dbg(" OemAssyNumber: %s", string);
dbg(" UartType: %d", edge_serial->manuf_descriptor.UartType);
dbg(" IonPid: %d", edge_serial->manuf_descriptor.IonPid);
@@ -2735,11 +2745,11 @@
usb_set_serial_data(serial, edge_serial);
/* get the name for the device from the device */
- if ( (i = get_string(dev, dev->descriptor.iManufacturer, &edge_serial->name[0])) != 0) {
- edge_serial->name[i-1] = ' ';
- }
-
- get_string(dev, dev->descriptor.iProduct, &edge_serial->name[i]);
+ i = get_string(dev, dev->descriptor.iManufacturer,
+ &edge_serial->name[0], MAX_NAME_LEN+1);
+ edge_serial->name[i++] = ' ';
+ get_string(dev, dev->descriptor.iProduct,
+ &edge_serial->name[i], MAX_NAME_LEN+2 - i);
dev_info(&serial->dev->dev, "%s detected\n", edge_serial->name);