USB: usb-storage: fix bug in fill_inquiry

This patch (as1312) fixes a minor bug in usb-storage.  The
fill_inquiry() routine neglects to pre-load the inquiry data buffer
with spaces.  As a result, if the vendor name is shorter than 8
characters or the product name is shorter than 16, the remainder will
be filled with garbage.

The patch also removes some unnecessary calls to strlen().

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

diff --git a/drivers/usb/storage/usb.c b/drivers/usb/storage/usb.c
index f5c0264caa3317a1b681d085d09d64af6050ddc1..5a53d4f0dd11cb547f58430afc17c8501ef4a8a7 100644 (file)
--- a/drivers/usb/storage/usb.c
+++ b/drivers/usb/storage/usb.c
@@ -232,6 +232,7 @@ void fill_inquiry_response(struct us_data *us, unsigned char *data,
        if (data_len<36) // You lose.
                return;
 
+       memset(data+8, ' ', 28);
        if(data[0]&0x20) { /* USB device currently not connected. Return
                              peripheral qualifier 001b ("...however, the
                              physical device is not currently connected
@@ -241,15 +242,15 @@ void fill_inquiry_response(struct us_data *us, unsigned char *data,
                              device, it may return zeros or ASCII spaces 
                              (20h) in those fields until the data is
                              available from the device."). */
-               memset(data+8,0,28);
        } else {
                u16 bcdDevice = le16_to_cpu(us->pusb_dev->descriptor.bcdDevice);
-               memcpy(data+8, us->unusual_dev->vendorName, 
-                       strlen(us->unusual_dev->vendorName) > 8 ? 8 :
-                       strlen(us->unusual_dev->vendorName));
-               memcpy(data+16, us->unusual_dev->productName, 
-                       strlen(us->unusual_dev->productName) > 16 ? 16 :
-                       strlen(us->unusual_dev->productName));
+               int n;
+
+               n = strlen(us->unusual_dev->vendorName);
+               memcpy(data+8, us->unusual_dev->vendorName, min(8, n));
+               n = strlen(us->unusual_dev->productName);
+               memcpy(data+16, us->unusual_dev->productName, min(16, n));
+
                data[32] = 0x30 + ((bcdDevice>>12) & 0x0F);
                data[33] = 0x30 + ((bcdDevice>>8) & 0x0F);
                data[34] = 0x30 + ((bcdDevice>>4) & 0x0F);