| Message ID | 2eb7-5f046f80-f7-5cdcc200@136674391 (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | [v2] usb: core: fix quirks_param_set() writing to a const pointer | expand |
On Tue, Jul 07, 2020 at 02:51:02PM +0200, Kars Mulder wrote: > The function quirks_param_set() takes as argument a const char* pointer > to the new value of the usbcore.quirks parameter. It then casts this > pointer to a non-const char* pointer and passes it to the strsep() > function, which overwrites the value. > > Fix this by creating a copy of the value using kstrdup() and letting > that copy be written to by strsep(). > > Fixes: 027bd6cafd9a ("usb: core: Add "quirks" parameter for usbcore") > Signed-off-by: Kars Mulder <kerneldev@karsmulder.nl> > > --- > drivers/usb/core/quirks.c | 16 ++++++++++++---- > 1 file changed, 12 insertions(+), 4 deletions(-) What changed from v1? Always put that below the --- line like the documentation asks. Please fix up and resend a v3. thanks, greg k-h
diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c index e0b77674869c..c96c50faccf7 100644 --- a/drivers/usb/core/quirks.c +++ b/drivers/usb/core/quirks.c @@ -25,17 +25,23 @@ static unsigned int quirk_count; static char quirks_param[128]; -static int quirks_param_set(const char *val, const struct kernel_param *kp) +static int quirks_param_set(const char *value, const struct kernel_param *kp) { - char *p, *field; + char *val, *p, *field; u16 vid, pid; u32 flags; size_t i; int err; + val = kstrdup(value, GFP_KERNEL); + if (!val) + return -ENOMEM; + err = param_set_copystring(val, kp); - if (err) + if (err) { + kfree(val); return err; + } mutex_lock(&quirk_mutex); @@ -60,10 +66,11 @@ static int quirks_param_set(const char *val, const struct kernel_param *kp) if (!quirk_list) { quirk_count = 0; mutex_unlock(&quirk_mutex); + kfree(val); return -ENOMEM; } - for (i = 0, p = (char *)val; p && *p;) { + for (i = 0, p = val; p && *p;) { /* Each entry consists of VID:PID:flags */ field = strsep(&p, ":"); if (!field) @@ -144,6 +151,7 @@ static int quirks_param_set(const char *val, const struct kernel_param *kp) unlock: mutex_unlock(&quirk_mutex); + kfree(val); return 0; }
The function quirks_param_set() takes as argument a const char* pointer to the new value of the usbcore.quirks parameter. It then casts this pointer to a non-const char* pointer and passes it to the strsep() function, which overwrites the value. Fix this by creating a copy of the value using kstrdup() and letting that copy be written to by strsep(). Fixes: 027bd6cafd9a ("usb: core: Add "quirks" parameter for usbcore") Signed-off-by: Kars Mulder <kerneldev@karsmulder.nl> --- drivers/usb/core/quirks.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-)