Re: [PATCH 4/6] USB: serial: ftdi_sio: only allow valid event_char values

On 02/03/17 14:29, Johan Hovold wrote:
On Tue, Feb 28, 2017 at 12:51:26PM +0000, Ian Abbott wrote:
The "event_char" device attribute value, when written, is interpreted as
an enable bit in bit 8, and an "event character" in bits 7 to 0.  Return
an error for out-of-range values.

Signed-off-by: Ian Abbott <abbotti@xxxxxxxxx>
---
 drivers/usb/serial/ftdi_sio.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c
index 2da99875cecb..2662fc3b49c5 100644
--- a/drivers/usb/serial/ftdi_sio.c
+++ b/drivers/usb/serial/ftdi_sio.c
@@ -1738,6 +1738,9 @@ static ssize_t store_event_char(struct device *dev,
 	int v = simple_strtoul(valbuf, NULL, 10);
 	int rv;

+	if (v < 0 || v >= 0x200)
+		return -EINVAL;
+

v < 0 is always false here due to the unsigned simple_strtoul above,
which continues to accept negative values after this change.

Not necessarily. Writing 18446744073709551615 (2^64 - 1) to the "event_char" attribute file on a 64-bit system will set v to -1, for example.

It may be better to combine this with the kstrtouint conversion.

Yes, to handle all invalid inputs consistently. That also means changing patch 3 (for the "latency_timer" attribute) in the same way.

 	dev_dbg(&port->dev, "%s: setting event char = %i\n", __func__, v);

 	rv = usb_control_msg(udev,
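
Review bot: the range check at `if (v < 0 || v >= 0x200)` runs only after the unsigned long returned by simple_strtoul() has been narrowed into `int v`, so on a 64-bit system an out-of-range input such as 4294967296 truncates to 0 and is accepted. simple_strtoul() is also called with a NULL end pointer, so trailing non-digit characters are silently ignored. Parse with kstrtouint() into an unsigned variable, return its error code on failure, and then reject values >= 0x200; the `v < 0` test is then unnecessary.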

Johan


--
-=( Ian Abbott @ MEV Ltd.    E-mail: <abbotti@xxxxxxxxx> )=-
-=(                          Web: http://www.mev.co.uk/  )=-
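
The narrowing discussed in the thread above, as an added userspace example that is not part of the original posts or the driver: `strtoul()` stands in for `simple_strtoul()` (an assumption; the two differ in sign and overflow handling), and `parse_narrowing`, `parse_strict` and the inputs are constructed for illustration. It goes slightly beyond the thread's 2^64 - 1 case by also showing a value (2^32 + 5) that narrows into the valid range and passes the check on a 64-bit system.

```c
/* Added example: userspace model, not the ftdi_sio driver code. */
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Model of the patched check: strtoul() stands in for simple_strtoul()
 * (assumption: their sign/overflow handling differs), result narrowed to int. */
int parse_narrowing(const char *buf, int *out)
{
	int v = (int)strtoul(buf, NULL, 10);	/* narrowed before the check */

	if (v < 0 || v >= 0x200)
		return -EINVAL;
	*out = v;
	return 0;
}

/* Strict parse, modelled loosely on kstrtouint(): digits only, optional
 * trailing newline, overflow reported, range checked before narrowing. */
int parse_strict(const char *buf, int *out)
{
	char *end;
	unsigned long long v;

	if (!isdigit((unsigned char)buf[0]))
		return -EINVAL;			/* no sign, no leading blanks */
	errno = 0;
	v = strtoull(buf, &end, 10);
	if (errno == ERANGE)
		return -ERANGE;
	if (*end == '\n')
		end++;				/* sysfs writes often end in '\n' */
	if (*end != '\0' || v >= 0x200)
		return -EINVAL;
	*out = (int)v;
	return 0;
}

int main(void)
{
	/* Constructed inputs: 2^64 - 1 (from the thread), 2^32 + 5, trailing junk */
	const char *in[] = { "18446744073709551615", "4294967301", "5abc", "511\n" };
	int v;

	for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++) {
		v = -1;
		printf("narrowing=%d ", parse_narrowing(in[i], &v));
		printf("strict=%d\n", parse_strict(in[i], &v));
	}
	return 0;
}
```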