Attachment #209139 for bug #241929




typedef struct ses_element {
	uint8_t eip;			/* eip bit is set */
	uint16_t descr_len;		/* length of the descriptor */
	const char *descr;		/* descriptor for this object */
	struct ses_addl_status addl;	/* additional status info */
} ses_element_t;


	return (0);
}

/*
 * \brief Sanitize an element descriptor
 *
 * The SES4r3 standard, sections 3.1.2 and 6.1.10, specifies that element
 * descriptors may only contain ASCII characters in the range 0x20 to 0x7e.
 * But some vendors violate that rule.  Ensure that we only expose compliant
 * descriptors to userland.
 *
 * \param desc		SES element descriptor as reported by the hardware
 * \param len		Length of desc in bytes, not necessarily including
 * 			trailing NUL.  It will be modified if desc is invalid.
 */
static const char*
ses_sanitize_elm_desc(const char *desc, uint16_t *len)
{
	const char *invalid = "<invalid>";
	int i;

	for (i = 0; i < *len; i++) {
		if (desc[i] < 0x20 || desc[i] > 0x7e) {
			*len = strlen(invalid);
			return (invalid);
		} else if (desc[i] == 0) {
			break;
		}
	}
	return (desc);
}

/**
 * \brief Parse the descriptors for each object.
 *

		if (length > 0) {
			elmpriv = element->elm_private;
			elmpriv->descr_len = length;
			elmpriv->descr = ses_sanitize_elm_desc(&buf[offset],
			    &elmpriv->descr_len);
		}

		/* skip over the descriptor itself */

Return to bug 241929

Lines 110-116 Link Here

(-)sys/cam/scsi/scsi_enc_ses.c (-2 / +32 lines)
110	typedef struct ses_element {	110	typedef struct ses_element {
111	uint8_t eip; /* eip bit is set */	111	uint8_t eip; /* eip bit is set */
112	uint16_t descr_len; /* length of the descriptor */	112	uint16_t descr_len; /* length of the descriptor */
113	char descr; / descriptor for this object */	113	const char descr; / descriptor for this object */
114	struct ses_addl_status addl; /* additional status info */	114	struct ses_addl_status addl; /* additional status info */
115	} ses_element_t;	115	} ses_element_t;
116		116
Lines 1977-1982 Link Here
1977	return (0);	1977	return (0);
1978	}	1978	}
1979		1979
		1980	/*
		1981	* \brief Sanitize an element descriptor
		1982	*
		1983	* The SES4r3 standard, sections 3.1.2 and 6.1.10, specifies that element
		1984	* descriptors may only contain ASCII characters in the range 0x20 to 0x7e.
		1985	* But some vendors violate that rule. Ensure that we only expose compliant
		1986	* descriptors to userland.
		1987	*
		1988	* \param desc SES element descriptor as reported by the hardware
		1989	* \param len Length of desc in bytes, not necessarily including
		1990	* trailing NUL. It will be modified if desc is invalid.
		1991	*/
		1992	static const char*
		1993	ses_sanitize_elm_desc(const char desc, uint16_t len)
		1994	{
		1995	const char *invalid = "<invalid>";
		1996	int i;
		1997
		1998	for (i = 0; i < *len; i++) {
		1999	if (desc[i] < 0x20 \|\| desc[i] > 0x7e) {
		2000	*len = strlen(invalid);
		2001	return (invalid);
		2002	} else if (desc[i] == 0) {
		2003	break;
		2004	}
		2005	}
		2006	return (desc);
		2007	}
		2008
1980	/**	2009	/**
1981	* \brief Parse the descriptors for each object.	2010	* \brief Parse the descriptors for each object.
1982	*	2011	*
Lines 2061-2067 Link Here
2061	if (length > 0) {	2090	if (length > 0) {
2062	elmpriv = element->elm_private;	2091	elmpriv = element->elm_private;
2063	elmpriv->descr_len = length;	2092	elmpriv->descr_len = length;
2064	elmpriv->descr = &buf[offset];	2093	elmpriv->descr = ses_sanitize_elm_desc(&buf[offset],
		2094	&elmpriv->descr_len);
2065	}	2095	}
2066		2096
2067	/* skip over the descriptor itself */	2097	/* skip over the descriptor itself */