aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/usb/storage/usb.c
diff options
context:
space:
mode:
authorAlan Stern <stern@rowland.harvard.edu>2009-12-07 16:47:43 -0500
committerGreg Kroah-Hartman <gregkh@suse.de>2009-12-11 14:55:26 -0500
commitf3f6faa9edf67c1018270793e0547b0f81abb47e (patch)
treeb3f9466d4cca6ee280917190b346bfe3a1a790e3 /drivers/usb/storage/usb.c
parenta0bb108112a872c0b0c4b3ef4974f95fb75b155d (diff)
USB: usb-storage: fix bug in fill_inquiry
This patch (as1312) fixes a minor bug in usb-storage. The fill_inquiry() routine neglects to pre-load the inquiry data buffer with spaces. As a result, if the vendor name is shorter than 8 characters or the product name is shorter than 16, the remainder will be filled with garbage. The patch also removes some unnecessary calls to strlen(). Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'drivers/usb/storage/usb.c')
-rw-r--r--drivers/usb/storage/usb.c15
1 files changed, 8 insertions, 7 deletions
diff --git a/drivers/usb/storage/usb.c b/drivers/usb/storage/usb.c
index f5c0264caa33..5a53d4f0dd11 100644
--- a/drivers/usb/storage/usb.c
+++ b/drivers/usb/storage/usb.c
@@ -232,6 +232,7 @@ void fill_inquiry_response(struct us_data *us, unsigned char *data,
232 if (data_len<36) // You lose. 232 if (data_len<36) // You lose.
233 return; 233 return;
234 234
235 memset(data+8, ' ', 28);
235 if(data[0]&0x20) { /* USB device currently not connected. Return 236 if(data[0]&0x20) { /* USB device currently not connected. Return
236 peripheral qualifier 001b ("...however, the 237 peripheral qualifier 001b ("...however, the
237 physical device is not currently connected 238 physical device is not currently connected
@@ -241,15 +242,15 @@ void fill_inquiry_response(struct us_data *us, unsigned char *data,
241 device, it may return zeros or ASCII spaces 242 device, it may return zeros or ASCII spaces
242 (20h) in those fields until the data is 243 (20h) in those fields until the data is
243 available from the device."). */ 244 available from the device."). */
244 memset(data+8,0,28);
245 } else { 245 } else {
246 u16 bcdDevice = le16_to_cpu(us->pusb_dev->descriptor.bcdDevice); 246 u16 bcdDevice = le16_to_cpu(us->pusb_dev->descriptor.bcdDevice);
247 memcpy(data+8, us->unusual_dev->vendorName, 247 int n;
248 strlen(us->unusual_dev->vendorName) > 8 ? 8 : 248
249 strlen(us->unusual_dev->vendorName)); 249 n = strlen(us->unusual_dev->vendorName);
250 memcpy(data+16, us->unusual_dev->productName, 250 memcpy(data+8, us->unusual_dev->vendorName, min(8, n));
251 strlen(us->unusual_dev->productName) > 16 ? 16 : 251 n = strlen(us->unusual_dev->productName);
252 strlen(us->unusual_dev->productName)); 252 memcpy(data+16, us->unusual_dev->productName, min(16, n));
253
253 data[32] = 0x30 + ((bcdDevice>>12) & 0x0F); 254 data[32] = 0x30 + ((bcdDevice>>12) & 0x0F);
254 data[33] = 0x30 + ((bcdDevice>>8) & 0x0F); 255 data[33] = 0x30 + ((bcdDevice>>8) & 0x0F);
255 data[34] = 0x30 + ((bcdDevice>>4) & 0x0F); 256 data[34] = 0x30 + ((bcdDevice>>4) & 0x0F);