Re: [PATCH] SCSI: sanitize INQUIRY strings

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Matthew Wilcox <matthew@wil.cx>
To: Alan Stern <stern@rowland.harvard.edu>
Cc: James Bottomley <James.Bottomley@SteelEye.com>,
	SCSI development list <linux-scsi@vger.kernel.org>
Subject: Re: [PATCH] SCSI: sanitize INQUIRY strings
Date: Mon, 21 Aug 2006 10:14:18 -0600	[thread overview]
Message-ID: <20060821161417.GB4340@parisc-linux.org> (raw)
In-Reply-To: <Pine.LNX.4.44L0.0608211201020.5792-100000@iolanthe.rowland.org>

On Mon, Aug 21, 2006 at 12:03:21PM -0400, Alan Stern wrote:
> This patch (as766) sanitizes the Vendor, Product, and Revision strings
> contained in an INQUIRY result, by setting all non-graphic or
> non-ASCII characters to ' '.  Since the standard disallows such
> characters, this will affect only non-compliant devices.

I thiink you attached the wrong patch; it doesn't match the description
at all.  Besides, print_inquiry is gone in scsi-misc.

> The most prominent effect will be to prevent stray NUL characters from
> terminating one of these strings early (which can prevent a blacklist
> match).
> 
> Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
> 
> ---
> 
> There is a small possibility that this may cause a problem for some users.  
> But nobody on the mailing raised any serious objections, so I'm submitting 
> it.  I know of one person it will definitely help.
> 
> Index: usb-2.6/drivers/scsi/scsi_scan.c
> ===================================================================
> --- usb-2.6.orig/drivers/scsi/scsi_scan.c
> +++ usb-2.6/drivers/scsi/scsi_scan.c
> @@ -148,27 +148,19 @@ static void scsi_unlock_floptical(struct
>  static void print_inquiry(unsigned char *inq_result)
>  {
>  	int i;
> +	int n = inq_result[4] + 5;
>  
>  	printk(KERN_NOTICE "  Vendor: ");
>  	for (i = 8; i < 16; i++)
> -		if (inq_result[i] >= 0x20 && i < inq_result[4] + 5)
> -			printk("%c", inq_result[i]);
> -		else
> -			printk(" ");
> +		printk("%c", (i < n ? inq_result[i] : ' '));
>  
>  	printk("  Model: ");
>  	for (i = 16; i < 32; i++)
> -		if (inq_result[i] >= 0x20 && i < inq_result[4] + 5)
> -			printk("%c", inq_result[i]);
> -		else
> -			printk(" ");
> +		printk("%c", (i < n ? inq_result[i] : ' '));
>  
>  	printk("  Rev: ");
>  	for (i = 32; i < 36; i++)
> -		if (inq_result[i] >= 0x20 && i < inq_result[4] + 5)
> -			printk("%c", inq_result[i]);
> -		else
> -			printk(" ");
> +		printk("%c", (i < n ? inq_result[i] : ' '));
>  
>  	printk("\n");
>  
> @@ -463,13 +455,14 @@ void scsi_target_reap(struct scsi_target
>   *     INQUIRY data is in @inq_result; the scsi_level and INQUIRY length
>   *     are copied to the scsi_device any flags value is stored in *@bflags.
>   **/
> -static int scsi_probe_lun(struct scsi_device *sdev, char *inq_result,
> +static int scsi_probe_lun(struct scsi_device *sdev, unsigned char *inq_result,
>  			  int result_len, int *bflags)
>  {
>  	unsigned char scsi_cmd[MAX_COMMAND_SIZE];
>  	int first_inquiry_len, try_inquiry_len, next_inquiry_len;
>  	int response_len = 0;
>  	int pass, count, result;
> +	int i;
>  	struct scsi_sense_hdr sshdr;
>  
>  	*bflags = 0;
> @@ -526,6 +519,12 @@ static int scsi_probe_lun(struct scsi_de
>  		if (response_len > 255)
>  			response_len = first_inquiry_len;	/* sanity */
>  
> +		/* Sanitize the Vendor, Product, and Revision fields. */
> +		for (i = 8; i < 36; ++i) {
> +			if (inq_result[i] < 0x20 || inq_result[i] > 0x7e)
> +				inq_result[i] = ' ';
> +		}
> +
>  		/*
>  		 * Get any flags for this device.
>  		 *
> @@ -628,7 +627,8 @@ static int scsi_probe_lun(struct scsi_de
>   *     SCSI_SCAN_NO_RESPONSE: could not allocate or setup a scsi_device
>   *     SCSI_SCAN_LUN_PRESENT: a new scsi_device was allocated and initialized
>   **/
> -static int scsi_add_lun(struct scsi_device *sdev, char *inq_result, int *bflags)
> +static int scsi_add_lun(struct scsi_device *sdev, unsigned char *inq_result,
> +		int *bflags)
>  {
>  	/*
>  	 * XXX do not save the inquiry, since it can change underneath us,
> 
> -
> To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

next prev parent reply	other threads:[~2006-08-21 16:14 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-08-21 16:03 [PATCH] SCSI: sanitize INQUIRY strings Alan Stern
2006-08-21 16:14 ` Matthew Wilcox [this message]
2006-08-21 16:52   ` Alan Stern
2006-08-21 17:35     ` Matthew Wilcox
2006-08-21 18:11       ` Philip R. Auld
2006-08-21 18:27         ` Matthew Wilcox
2006-08-21 18:51           ` Philip R. Auld
2006-08-21 19:11             ` Alan Stern
2006-08-21 19:53           ` Alan Stern
2006-08-21 18:31       ` Alan Stern
2006-08-21 18:42         ` Matthew Wilcox
2006-08-21 19:08           ` Alan Stern

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20060821161417.GB4340@parisc-linux.org \
    --to=matthew@wil.cx \
    --cc=James.Bottomley@SteelEye.com \
    --cc=linux-scsi@vger.kernel.org \
    --cc=stern@rowland.harvard.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.