Re: [PATCH] HID: usbhid: sanitize hid->uniq against non-printable bytes

Next message: David Laight: "Re: [PATCH v2 1/2] mm/process_vm_access: pidfd and nowait support for process_vm_readv/writev"
Previous message: Micka&#xEB;l Sala&#xFC;n: "Re: [RFC PATCH v1 10/11] samples/landlock: Add capability and namespace restriction support"
In reply to: Oliver Neukum: "Re: [PATCH] HID: usbhid: sanitize hid-&gt;uniq against non-printable bytes"
Next in thread: Taylor Hewetson: "USB: core: sanitize string descriptors against C0 control characters"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Alan Stern

Date: Thu Apr 23 2026 - 10:05:32 EST

On Thu, Apr 23, 2026 at 11:49:02AM +0200, Oliver Neukum wrote:
>
>
> On 23.04.26 11:29, Greg KH wrote:
> > On Thu, Apr 23, 2026 at 05:55:00AM +0000, Eric Naim wrote:
> > > On 4/18/26 3:14 PM, Greg KH wrote:
>
> > > [1] https://github.com/systemd/systemd/issues/41339#issuecomment-4266429563
> >
> > It's either up to the kernel, or every single userspace program that
> > reads the strings from a device. Might as well do it in one place,
> > right?
>
> No, because that puts the assumption that user space is not interested
> in what the device actually returns and uses these strings just
> for printing.
> Eg. you can no longer use this in a udev rule.

Also, the USB spec doesn't say anything about what characters are or
aren't allowed in a string descriptor. Anything, even a control
character, is valid. The kernel should not rule them and certainly
shouldn't truncate a string descriptor.

Alan Stern