As noted by Dan Carpenter, io_edgeport does DMA to stack and fails to
handle errors in get_string(). The latter could result in corrupted
debug strings.
Use usb_string instead of custom implementation to retrieve and convert
strings to utf-8.
Reported-by: Dan Carpenter <error27@xxxxxxxxx>
Signed-off-by: Johan Hovold <jhovold@xxxxxxxxx>
---
drivers/usb/serial/io_edgeport.c | 24 +++++-------------------
1 files changed, 5 insertions(+), 19 deletions(-)
diff --git a/drivers/usb/serial/io_edgeport.c b/drivers/usb/serial/io_edgeport.c
index b97960a..711b414 100644
--- a/drivers/usb/serial/io_edgeport.c
+++ b/drivers/usb/serial/io_edgeport.c
@@ -372,31 +372,17 @@ static void update_edgeport_E2PROM(struct edgeport_serial *edge_serial)
************************************************************************/
static int get_string(struct usb_device *dev, int Id, char *string, int buflen)
{
- struct usb_string_descriptor StringDesc;
- struct usb_string_descriptor *pStringDesc;
+ int ret;
dbg("%s - USB String ID = %d", __func__, Id);
- if (!usb_get_descriptor(dev, USB_DT_STRING, Id,
- &StringDesc, sizeof(StringDesc)))
- return 0;
-
- pStringDesc = kmalloc(StringDesc.bLength, GFP_KERNEL);
- if (!pStringDesc)
- return 0;
-
- if (!usb_get_descriptor(dev, USB_DT_STRING, Id,
- pStringDesc, StringDesc.bLength)) {
- kfree(pStringDesc);
+ ret = usb_string(dev, Id, string, buflen);
+ if (ret < 0)
return 0;
- }
-
- unicode_to_ascii(string, buflen,
- pStringDesc->wData, pStringDesc->bLength/2);
- kfree(pStringDesc);
dbg("%s - USB String %s", __func__, string);
- return strlen(string);
+
+ return ret;
}
--
1.6.6.1
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
