Re: [PATCH] SCSI: sanitize INQUIRY strings

public inbox for linux-scsi@vger.kernel.org
 help / color / mirror / Atom feed

From: Matthew Wilcox <matthew@wil.cx>
To: Alan Stern <stern@rowland.harvard.edu>
Cc: James Bottomley <James.Bottomley@SteelEye.com>,
	SCSI development list <linux-scsi@vger.kernel.org>
Subject: Re: [PATCH] SCSI: sanitize INQUIRY strings
Date: Mon, 21 Aug 2006 10:14:18 -0600	[thread overview]
Message-ID: <20060821161417.GB4340@parisc-linux.org> (raw)
In-Reply-To: <Pine.LNX.4.44L0.0608211201020.5792-100000@iolanthe.rowland.org>

On Mon, Aug 21, 2006 at 12:03:21PM -0400, Alan Stern wrote:
> This patch (as766) sanitizes the Vendor, Product, and Revision strings
> contained in an INQUIRY result, by setting all non-graphic or
> non-ASCII characters to ' '.  Since the standard disallows such
> characters, this will affect only non-compliant devices.

I thiink you attached the wrong patch; it doesn't match the description
at all.  Besides, print_inquiry is gone in scsi-misc.

> The most prominent effect will be to prevent stray NUL characters from
> terminating one of these strings early (which can prevent a blacklist
> match).
> 
> Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
> 
> ---
> 
> There is a small possibility that this may cause a problem for some users.  
> But nobody on the mailing raised any serious objections, so I'm submitting 
> it.  I know of one person it will definitely help.
> 
> Index: usb-2.6/drivers/scsi/scsi_scan.c
> ===================================================================
> --- usb-2.6.orig/drivers/scsi/scsi_scan.c
> +++ usb-2.6/drivers/scsi/scsi_scan.c
> @@ -148,27 +148,19 @@ static void scsi_unlock_floptical(struct
>  static void print_inquiry(unsigned char *inq_result)
>  {
>  	int i;
> +	int n = inq_result[4] + 5;
>  
>  	printk(KERN_NOTICE "  Vendor: ");
>  	for (i = 8; i < 16; i++)
> -		if (inq_result[i] >= 0x20 && i < inq_result[4] + 5)
> -			printk("%c", inq_result[i]);
> -		else
> -			printk(" ");
> +		printk("%c", (i < n ? inq_result[i] : ' '));
>  
>  	printk("  Model: ");
>  	for (i = 16; i < 32; i++)
> -		if (inq_result[i] >= 0x20 && i < inq_result[4] + 5)
> -			printk("%c", inq_result[i]);
> -		else
> -			printk(" ");
> +		printk("%c", (i < n ? inq_result[i] : ' '));
>  
>  	printk("  Rev: ");
>  	for (i = 32; i < 36; i++)
> -		if (inq_result[i] >= 0x20 && i < inq_result[4] + 5)
> -			printk("%c", inq_result[i]);
> -		else
> -			printk(" ");
> +		printk("%c", (i < n ? inq_result[i] : ' '));
>  
>  	printk("\n");
>  
> @@ -463,13 +455,14 @@ void scsi_target_reap(struct scsi_target
>   *     INQUIRY data is in @inq_result; the scsi_level and INQUIRY length
>   *     are copied to the scsi_device any flags value is stored in *@bflags.
>   **/
> -static int scsi_probe_lun(struct scsi_device *sdev, char *inq_result,
> +static int scsi_probe_lun(struct scsi_device *sdev, unsigned char *inq_result,
>  			  int result_len, int *bflags)
>  {
>  	unsigned char scsi_cmd[MAX_COMMAND_SIZE];
>  	int first_inquiry_len, try_inquiry_len, next_inquiry_len;
>  	int response_len = 0;
>  	int pass, count, result;
> +	int i;
>  	struct scsi_sense_hdr sshdr;
>  
>  	*bflags = 0;
> @@ -526,6 +519,12 @@ static int scsi_probe_lun(struct scsi_de
>  		if (response_len > 255)
>  			response_len = first_inquiry_len;	/* sanity */
>  
> +		/* Sanitize the Vendor, Product, and Revision fields. */
> +		for (i = 8; i < 36; ++i) {
> +			if (inq_result[i] < 0x20 || inq_result[i] > 0x7e)
> +				inq_result[i] = ' ';
> +		}
> +
>  		/*
>  		 * Get any flags for this device.
>  		 *
> @@ -628,7 +627,8 @@ static int scsi_probe_lun(struct scsi_de
>   *     SCSI_SCAN_NO_RESPONSE: could not allocate or setup a scsi_device
>   *     SCSI_SCAN_LUN_PRESENT: a new scsi_device was allocated and initialized
>   **/
> -static int scsi_add_lun(struct scsi_device *sdev, char *inq_result, int *bflags)
> +static int scsi_add_lun(struct scsi_device *sdev, unsigned char *inq_result,
> +		int *bflags)
>  {
>  	/*
>  	 * XXX do not save the inquiry, since it can change underneath us,
> 
> -
> To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

next prev parent reply	other threads:[~2006-08-21 16:14 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-08-21 16:03 [PATCH] SCSI: sanitize INQUIRY strings Alan Stern
2006-08-21 16:14 ` Matthew Wilcox [this message]
2006-08-21 16:52   ` Alan Stern
2006-08-21 17:35     ` Matthew Wilcox
2006-08-21 18:11       ` Philip R. Auld
2006-08-21 18:27         ` Matthew Wilcox
2006-08-21 18:51           ` Philip R. Auld
2006-08-21 19:11             ` Alan Stern
2006-08-21 19:53           ` Alan Stern
2006-08-21 18:31       ` Alan Stern
2006-08-21 18:42         ` Matthew Wilcox
2006-08-21 19:08           ` Alan Stern

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20060821161417.GB4340@parisc-linux.org \
    --to=matthew@wil.cx \
    --cc=James.Bottomley@SteelEye.com \
    --cc=linux-scsi@vger.kernel.org \
    --cc=stern@rowland.harvard.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox