svn commit: r213433 - head/sys/dev/usb
Hans Petter Selasky
hselasky at FreeBSD.org
Mon Oct 4 22:45:17 UTC 2010
Author: hselasky
Date: Mon Oct 4 22:45:17 2010
New Revision: 213433
URL: http://svn.freebsd.org/changeset/base/213433
Log:
Add more strict USB string filtering.
Approved by: thompsa (mentor)
Modified:
head/sys/dev/usb/usb_request.c
Modified: head/sys/dev/usb/usb_request.c
==============================================================================
--- head/sys/dev/usb/usb_request.c Mon Oct 4 22:21:30 2010 (r213432)
+++ head/sys/dev/usb/usb_request.c Mon Oct 4 22:45:17 2010 (r213433)
@@ -1018,14 +1018,21 @@ usbd_req_get_string_any(struct usb_devic
}
/*
- * Filter by default - we don't allow greater and less than
- * signs because they might confuse the dmesg printouts!
+ * Filter by default - We only allow alphanumerical
+ * and a few more to avoid any problems with scripts
+ * and daemons.
*/
- if ((*s == '<') || (*s == '>') || (!isprint(*s))) {
- /* silently skip bad character */
- continue;
+ if (isalpha(*s) ||
+ isdigit(*s) ||
+ *s == '-' ||
+ *s == '+' ||
+ *s == ' ' ||
+ *s == '.' ||
+ *s == ',') {
+ /* allowed */
+ s++;
}
- s++;
+ /* silently skip bad character */
}
*s = 0; /* zero terminate resulting string */
return (USB_ERR_NORMAL_COMPLETION);
More information about the svn-src-all
mailing list