Re: CVS commit: src/sys/dev/usb

To: "Jonathan A. Kollasch" <jakllsch%kollasch.net@localhost>
Subject: Re: CVS commit: src/sys/dev/usb
From: SAITOH Masanobu <msaitoh%execsw.org@localhost>
Date: Wed, 12 Dec 2012 01:07:55 +0900

 Hi, Jonathan.

(2012/12/12 0:25), Jonathan A. Kollasch wrote:
> On Tue, Dec 11, 2012 at 09:17:32AM +0000, SAITOH Masanobu wrote:
>> Module Name: src
>> Committed By:        msaitoh
>> Date:                Tue Dec 11 09:17:32 UTC 2012
>>
>> Modified Files:
>>      src/sys/dev/usb: ubsa_common.c
>>
>> Log Message:
>> Fix off by one read error.
>>
>>
>> To generate a diff of this commit:
>> cvs rdiff -u -r1.8 -r1.9 src/sys/dev/usb/ubsa_common.c
> 
> Judging by the other usage of UBSA_MAXCONN, it appears it was correct
> before.
> 
>       Jonathan Kollasch


The diff is as follows:

> Index: ubsa_common.c
> ===================================================================
> RCS file: /cvsroot/src/sys/dev/usb/ubsa_common.c,v
> retrieving revision 1.8
> retrieving revision 1.9
> diff -U 9 -r1.8 -r1.9
> --- ubsa_common.c     24 Feb 2012 06:48:25 -0000      1.8
> +++ ubsa_common.c     11 Dec 2012 09:17:31 -0000      1.9
> @@ -99,19 +99,19 @@
>  {
>       usb_device_request_t req;
>       usbd_status err;
>  
>       if (sc->sc_quadumts)
>               req.bmRequestType = UT_WRITE_CLASS_INTERFACE;
>       else
>               req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
>  
> -     if (portno > UBSA_MAXCONN) {
> +     if (portno >= UBSA_MAXCONN) {
>               printf("%s: ubsa_request: invalid port(%d)#\n",
>                       device_xname(sc->sc_dev), portno);
>               return USBD_INVAL; 
>       }
>  
>       req.bRequest = request;
>       USETW(req.wValue, value);
>       USETW(req.wIndex, sc->sc_iface_number[portno]);
>       USETW(req.wLength, 0);


And ubsavar.h says:

> #define UBSA_MAXCONN          3
> 
> struct        ubsa_softc {
>       device_t                sc_dev;         /* base device */
>       usbd_device_handle      sc_udev;        /* USB device */
>       usbd_interface_handle   sc_iface[UBSA_MAXCONN]; /* interface */
> 
>       int                     sc_iface_number[UBSA_MAXCONN];  /* interface 
> number */
>       int                     sc_config_index;        /* USB CONFIG_INDEX */
> 

If we allow portno == 3, sc_iface_number[portno] overruns.

-- 
-----------------------------------------------
                SAITOH Masanobu (msaitoh%execsw.org@localhost
                                 msaitoh%netbsd.org@localhost)

References:
- Re: CVS commit: src/sys/dev/usb
  - From: Jonathan A. Kollasch

Prev by Date: Re: CVS commit: src/sys/dev/usb
Next by Date: Re: CVS commit: src/sys/arch/sh3/sh3
Previous by Thread: Re: CVS commit: src/sys/dev/usb
Next by Thread: Re: CVS commit: src/sys/arch/sh3/sh3
Indexes:

Home | Main Index | Thread Index | Old Index