Date: Wed, 4 Aug 2010 16:14:42 GMT From: Hans Petter Selasky <hselasky@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 181839 for review Message-ID: <201008041614.o74GEgWf011062@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://p4web.freebsd.org/@@181839?ac=10 Change 181839 by hselasky@hselasky_laptop001 on 2010/08/04 16:14:14 USB core: - be more strict filtering strings. Affected files ... .. //depot/projects/usb/src/sys/dev/usb/usb_request.c#39 edit Differences ... ==== //depot/projects/usb/src/sys/dev/usb/usb_request.c#39 (text+ko) ==== @@ -1029,14 +1029,22 @@ } /* - * Filter by default - we don't allow greater and less than - * signs because they might confuse the dmesg printouts! + * Filter by default - We only allow alphanumerical + * and a few more to avoid any problems with scripts + * and daemons. */ - if ((*s == '<') || (*s == '>') || (!isprint(*s))) { - /* silently skip bad character */ - continue; + if (((*s >= 'a') && (*s <= 'z')) || + ((*s >= 'A') && (*s <= 'Z')) || + ((*s >= '0') && (*s <= '9')) || + (*s == '-') || + (*s == '+') || + (*s == ' ') || + (*s == '.') || + (*s == ',')) { + /* allowed */ + s++; } - s++; + /* silently skip bad character */ } *s = 0; /* zero terminate resulting string */ return (USB_ERR_NORMAL_COMPLETION);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201008041614.o74GEgWf011062>