On Wed, Mar 08, 2017 at 01:46:12PM +0000, Ian Abbott wrote: > On 02/03/17 14:29, Johan Hovold wrote: > > On Tue, Feb 28, 2017 at 12:51:26PM +0000, Ian Abbott wrote: > >> The "event_char" device attribute value, when written, is interpreted as > >> an enable bit in bit 8, and an "event character" in bits 7 to 0. Return > >> an error for out-of-range values. > >> > >> Signed-off-by: Ian Abbott <abbotti@xxxxxxxxx> > >> --- > >> drivers/usb/serial/ftdi_sio.c | 3 +++ > >> 1 file changed, 3 insertions(+) > >> > >> diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c > >> index 2da99875cecb..2662fc3b49c5 100644 > >> --- a/drivers/usb/serial/ftdi_sio.c > >> +++ b/drivers/usb/serial/ftdi_sio.c > >> @@ -1738,6 +1738,9 @@ static ssize_t store_event_char(struct device *dev, > >> int v = simple_strtoul(valbuf, NULL, 10); > >> int rv; > >> > >> + if (v < 0 || v >= 0x200) > >> + return -EINVAL; > >> + > > > > v < 0 is always false here due to the unsigned simple_strtoul above, > > which continues to accept negative values after this change. > > Not necessarily. Writing 18446744073709551615 (2^64 - 1) to the > "event_char" attribute file on a 64-bit system will set v to -1, for > example. Yeah, my bad, you get negative values on overflow (> INT_MAX) (also on 32-bit). But we'd still be accepting negative values after this change. > > It may be better to combine this with the kstrtouint conversion. > > Yes to handle all invalid inputs in a consistently. That also means > changing patch 3 (for the "latency_timer" attribute) in the same way. Yep. Thanks, Johan -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
