svn commit: r220305 - stable/8/sys/dev/usb

[Hans Petter Selasky]

Author: hselasky
Date: Sun Apr  3 20:54:32 2011
New Revision: 220305
URL: http://svn.freebsd.org/changeset/base/220305

Log:
  MFC r213433
  Tighten USB string filtering.
  
  Approved by:	thompsa (mentor)

Modified:
  stable/8/sys/dev/usb/usb_request.c
Directory Properties:
  stable/8/sys/   (props changed)
  stable/8/sys/amd64/include/xen/   (props changed)
  stable/8/sys/cddl/contrib/opensolaris/   (props changed)
  stable/8/sys/contrib/dev/acpica/   (props changed)
  stable/8/sys/contrib/pf/   (props changed)

Modified: stable/8/sys/dev/usb/usb_request.c
==============================================================================
--- stable/8/sys/dev/usb/usb_request.c	Sun Apr  3 20:22:49 2011	(r220304)
+++ stable/8/sys/dev/usb/usb_request.c	Sun Apr  3 20:54:32 2011	(r220305)
@@ -1117,14 +1117,21 @@ usbd_req_get_string_any(struct usb_devic
 		}
 
 		/*
-		 * Filter by default - we don't allow greater and less than
-		 * signs because they might confuse the dmesg printouts!
+		 * Filter by default - We only allow alphanumerical
+		 * and a few more to avoid any problems with scripts
+		 * and daemons.
 		 */
-		if ((*s == '<') || (*s == '>') || (!isprint(*s))) {
-			/* silently skip bad character */
-			continue;
+		if (isalpha(*s) ||
+		    isdigit(*s) ||
+		    *s == '-' ||
+		    *s == '+' ||
+		    *s == ' ' ||
+		    *s == '.' ||
+		    *s == ',') {
+			/* allowed */
+			s++;
 		}
-		s++;
+		/* silently skip bad character */
 	}
 	*s = 0;				/* zero terminate resulting string */
 	return (USB_ERR_NORMAL_COMPLETION);