Re: [patch] pegasus.c

Tue, 19 Feb 2008 00:11:40 -0800

This is another attempt on sending the pegasus patch with Alpine. I know it's even worse, but i've attached gzip-ed version just in case. 

Here goes a brief description of what's changed:

---
This patch is fixing a driver bug triggered when malformed string is passed to the 'devid' module parameter. The expected format is: 

        "device_name:vendor_id:device_id:flags"

but it turned out people often type:

        "somename::0"

instead of:

        "somename:::0"

which typically ends up dereferencing null pointer.


Signed-off-by: Petko Manolov <[EMAIL PROTECTED]>
---


cheers,
Petko


On Mon, 11 Feb 2008, Jeff Garzik wrote:


Petko Manolov wrote:

    Hi Jeff,
Attached you'll find a patch that is fixing a driver bug triggered when malformed string is passed to the 'devid' module parameter. The expected format is: 

    "device_name:vendor_id:device_id:flags"

but it turned out people often type:

    "somename::0"

instead of:

    "somename:::0"


ACK but two process problems preventing application:

* patch is base64-encoded

* no signed-off-by included

Attachment: pegasus.c.patch.gz
Description: Binary data

--- drivers/net/usb/pegasus.c.orig	2008-01-09 12:16:52.000000000 +0200
+++ drivers/net/usb/pegasus.c	2008-01-09 12:16:58.000000000 +0200
@@ -1461,12 +1461,24 @@ static void parse_id(char *id)
 
 	if ((token = strsep(&id, ":")) != NULL)
 		name = token;
+	else
+		goto err;
 	/* name now points to a null terminated string*/
 	if ((token = strsep(&id, ":")) != NULL)
 		vendor_id = simple_strtoul(token, NULL, 16);
+	else
+		goto err;
+
 	if ((token = strsep(&id, ":")) != NULL)
 		device_id = simple_strtoul(token, NULL, 16);
-	flags = simple_strtoul(id, NULL, 16);
+	else
+		goto err;
+
+	if (id != NULL)
+		flags = simple_strtoul(id, NULL, 16);
+	else
+		goto err;
+
 	pr_info("%s: new device %s, vendor ID 0x%04x, device ID 0x%04x, flags: 0x%x\n",
 	        driver_name, name, vendor_id, device_id, flags);
 
@@ -1476,6 +1488,7 @@ static void parse_id(char *id)
 		return;
 
 	for (i=0; usb_dev_id[i].name; i++);
+
 	usb_dev_id[i].name = name;
 	usb_dev_id[i].vendor = vendor_id;
 	usb_dev_id[i].device = device_id;
@@ -1483,6 +1496,11 @@ static void parse_id(char *id)
 	pegasus_ids[i].match_flags = USB_DEVICE_ID_MATCH_DEVICE;
 	pegasus_ids[i].idVendor = vendor_id;
 	pegasus_ids[i].idProduct = device_id;
+
+	return;
+
+err:
+	pr_info("malformed 'devid' module parameter\n");
 }
 
 static int __init pegasus_init(void)

Reply via email to