diff options
author | Alan Stern <stern@rowland.harvard.edu> | 2009-12-07 16:47:43 -0500 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2009-12-11 14:55:26 -0500 |
commit | f3f6faa9edf67c1018270793e0547b0f81abb47e (patch) | |
tree | b3f9466d4cca6ee280917190b346bfe3a1a790e3 /drivers/usb/storage/usb.c | |
parent | a0bb108112a872c0b0c4b3ef4974f95fb75b155d (diff) |
USB: usb-storage: fix bug in fill_inquiry
This patch (as1312) fixes a minor bug in usb-storage. The
fill_inquiry() routine neglects to pre-load the inquiry data buffer
with spaces. As a result, if the vendor name is shorter than 8
characters or the product name is shorter than 16, the remainder will
be filled with garbage.
The patch also removes some unnecessary calls to strlen().
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'drivers/usb/storage/usb.c')
-rw-r--r-- | drivers/usb/storage/usb.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/drivers/usb/storage/usb.c b/drivers/usb/storage/usb.c index f5c0264caa33..5a53d4f0dd11 100644 --- a/drivers/usb/storage/usb.c +++ b/drivers/usb/storage/usb.c | |||
@@ -232,6 +232,7 @@ void fill_inquiry_response(struct us_data *us, unsigned char *data, | |||
232 | if (data_len<36) // You lose. | 232 | if (data_len<36) // You lose. |
233 | return; | 233 | return; |
234 | 234 | ||
235 | memset(data+8, ' ', 28); | ||
235 | if(data[0]&0x20) { /* USB device currently not connected. Return | 236 | if(data[0]&0x20) { /* USB device currently not connected. Return |
236 | peripheral qualifier 001b ("...however, the | 237 | peripheral qualifier 001b ("...however, the |
237 | physical device is not currently connected | 238 | physical device is not currently connected |
@@ -241,15 +242,15 @@ void fill_inquiry_response(struct us_data *us, unsigned char *data, | |||
241 | device, it may return zeros or ASCII spaces | 242 | device, it may return zeros or ASCII spaces |
242 | (20h) in those fields until the data is | 243 | (20h) in those fields until the data is |
243 | available from the device."). */ | 244 | available from the device."). */ |
244 | memset(data+8,0,28); | ||
245 | } else { | 245 | } else { |
246 | u16 bcdDevice = le16_to_cpu(us->pusb_dev->descriptor.bcdDevice); | 246 | u16 bcdDevice = le16_to_cpu(us->pusb_dev->descriptor.bcdDevice); |
247 | memcpy(data+8, us->unusual_dev->vendorName, | 247 | int n; |
248 | strlen(us->unusual_dev->vendorName) > 8 ? 8 : | 248 | |
249 | strlen(us->unusual_dev->vendorName)); | 249 | n = strlen(us->unusual_dev->vendorName); |
250 | memcpy(data+16, us->unusual_dev->productName, | 250 | memcpy(data+8, us->unusual_dev->vendorName, min(8, n)); |
251 | strlen(us->unusual_dev->productName) > 16 ? 16 : | 251 | n = strlen(us->unusual_dev->productName); |
252 | strlen(us->unusual_dev->productName)); | 252 | memcpy(data+16, us->unusual_dev->productName, min(16, n)); |
253 | |||
253 | data[32] = 0x30 + ((bcdDevice>>12) & 0x0F); | 254 | data[32] = 0x30 + ((bcdDevice>>12) & 0x0F); |
254 | data[33] = 0x30 + ((bcdDevice>>8) & 0x0F); | 255 | data[33] = 0x30 + ((bcdDevice>>8) & 0x0F); |
255 | data[34] = 0x30 + ((bcdDevice>>4) & 0x0F); | 256 | data[34] = 0x30 + ((bcdDevice>>4) & 0x0F); |