
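--- a/sys/cam/scsi/scsi_enc_ses.c
+++ b/sys/cam/scsi/scsi_enc_ses.c
@@ -110,7 +110,7 @@
 typedef struct ses_element {
 	uint8_t eip;			/* eip bit is set */
 	uint16_t descr_len;		/* length of the descriptor */
-	char *descr;			/* descriptor for this object */
+	const char *descr;		/* descriptor for this object */
 	struct ses_addl_status addl;	/* additional status info */
 } ses_element_t;
 
@@ -1977,6 +1977,33 @@
 	return (0);
 }
 
+/*
+ * \brief Sanitize an element descriptor
+ *
+ * The SES4r3 standard, sections 3.1.2 and 6.1.10, specifies that element
+ * descriptors may only contain ASCII characters in the range 0x20 to 0x7e.
+ * But some vendors violate that rule.  Ensure that we only expose compliant
+ * descriptors to userland.
+ *
+ * \param desc		SES element descriptor as reported by the hardware
+ * \param len		Length of desc in bytes, not necessarily including
+ * 			trailing NUL
+ */
+static const char*
+ses_sanitize_elm_desc(char *desc, int len)
+{
+	int i;
+
+	for (i = 0; i < len; i++) {
+		if (desc[i] < 0x20 || desc[i] > 0x7e) {
+			return ("<invalid>");
+		} else if (desc[i] == 0) {
+			break;
+		}
+	}
+	return (desc);
+}
+
 /**
  * \brief Parse the descriptors for each object.
  *
@@ -2061,7 +2088,8 @@
 		if (length > 0) {
 			elmpriv = element->elm_private;
 			elmpriv->descr_len = length;
-			elmpriv->descr = &buf[offset];
+			elmpriv->descr = ses_sanitize_elm_desc(&buf[offset],
+			    length);
 		}
 
 		/* skip over the descriptor itself */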
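Review bot: In ses_sanitize_elm_desc the range test `desc[i] < 0x20` runs before the `desc[i] == 0` test, so the NUL branch can never be taken and any descriptor that is NUL-terminated or NUL-padded inside `len` is replaced by "<invalid>", although the header comment treats a trailing NUL as acceptable; the NUL test should come first. Separately, at the call site `elmpriv->descr_len` keeps the hardware-reported `length` even when `descr` now points at the 9-character literal. If a consumer copies `descr_len` bytes from `descr` to userland (those consumers are not visible in this patch, so this needs confirming), it would read past the end of the literal; the stored length should follow the string that is actually stored. The parsing function that contains the call site starts and ends outside the hunk.

```c
ses_sanitize_elm_desc(char *desc, int len)
/* … unchanged: opening brace and declaration of i … */
	for (i = 0; i < len; i++) {
		/* A NUL ends the descriptor; test it before the range check. */
		if (desc[i] == 0)
			break;
		if (desc[i] < 0x20 || desc[i] > 0x7e)
			return ("<invalid>");
	}
/* … unchanged: return (desc) … */

/* … call site in the descriptor-parsing loop … */
			elmpriv->descr = ses_sanitize_elm_desc(&buf[offset],
			    length);
			/* Keep descr_len no longer than the string now stored. */
			if (elmpriv->descr != &buf[offset])
				elmpriv->descr_len = strlen(elmpriv->descr);
```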
