usbutils/0001-usbmisc-initialize-string-buffer-before-reading-from.patch

From e3a98cd4870e46cefbfaa1c6f3142c70351aba02 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 22 Oct 2020 12:01:44 +0200
Subject: [PATCH 11/15] usbmisc: initialize string buffer before reading from
 device.

Cliff Biffle points out that some devices lie about the length of their
string, so we end up with stack data in the string buffer, which is then
displayed by userspace.  Fix this up by initializing the data to 0 first
before reading from the device.

Reported-by: Cliff L. Biffle <code@cliffle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 usbmisc.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/usbmisc.c b/usbmisc.c
index 9a329f2..ba0591f 100644
--- a/usbmisc.c
+++ b/usbmisc.c
@@ -210,6 +210,12 @@ char *get_dev_string(libusb_device_handle *dev, uint8_t id)
 	langid = get_any_langid(dev);
 	if (!langid) return strdup("(error)");
 
+	/*
+	 * Some devices lie about their string size, so initialize
+	 * the buffer with all 0 to account for that.
+	 */
+	memset(unicode_buf, 0x00, sizeof(unicode_buf));
+
 	ret = libusb_get_string_descriptor(dev, id, langid,
 	                                   (unsigned char *) unicode_buf,
 	                                   sizeof unicode_buf);
-- 
1.8.3.1
usbutils: backport one patch to init string buffer before reading from it backport one patch to init string buffer before reading from it Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com> 2020-10-29 21:44:05 +08:00			`From e3a98cd4870e46cefbfaa1c6f3142c70351aba02 Mon Sep 17 00:00:00 2001`
			`From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>`
			`Date: Thu, 22 Oct 2020 12:01:44 +0200`
			`Subject: [PATCH 11/15] usbmisc: initialize string buffer before reading from`
			`device.`

			`Cliff Biffle points out that some devices lie about the length of their`
			`string, so we end up with stack data in the string buffer, which is then`
			`displayed by userspace. Fix this up by initializing the data to 0 first`
			`before reading from the device.`

			`Reported-by: Cliff L. Biffle <code@cliffle.com>`
			`Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>`
			`---`
			`usbmisc.c \| 6 ++++++`
			`1 file changed, 6 insertions(+)`

			`diff --git a/usbmisc.c b/usbmisc.c`
			`index 9a329f2..ba0591f 100644`
			`--- a/usbmisc.c`
			`+++ b/usbmisc.c`
			`@@ -210,6 +210,12 @@ char get_dev_string(libusb_device_handle dev, uint8_t id)`
			`langid = get_any_langid(dev);`
			`if (!langid) return strdup("(error)");`

			`+ /*`
			`+ * Some devices lie about their string size, so initialize`
			`+ * the buffer with all 0 to account for that.`
			`+ */`
			`+ memset(unicode_buf, 0x00, sizeof(unicode_buf));`
			`+`
			`ret = libusb_get_string_descriptor(dev, id, langid,`
			`(unsigned char *) unicode_buf,`
			`sizeof unicode_buf);`
			`--`
			`1.8.3.1`